A researcher found that phone numbers tied to WhatsApp accounts are indexed publicly on Google Search creating what he claims is a “privacy issue” for users.
A researcher is warning that a WhatsApp feature called “Click to Chat” puts users’ mobile phone numbers at risk — by allowing Google Search to index them for anyone to find. But WhatsApp owner Facebook says it is no big deal and that the search results only reveal what the users have chosen to make public anyway.
Bug-bounty hunter Athul Jayaram, who discovered the issue, calls the phone numbers “leaked” and characterizes the situation as a security bug that puts WhatsApp users’ privacy at risk.
Jayaram has said that the phone numbers of users using this feature can show up in Google Search results because the search indexes the feature’s metadata. The bug bounty hunter has stated that users’ phone numbers will be visible in plain text in the URL — https://wa.me/<phone_number> — which makes it easier for scammers put together a list of legitimate phone numbers. The researcher has found 300,000 indexed on Google as of now.
In the research shared through Threatpost, Jayaram said that the number of users is present in the plain text, so anyone who has the URL will be able to see the phone number. Further Jairam said that it creates a lot of ease for the snappers, by which he can copy and compile all the numbers and use them in a campaign.
Tags:- Whasapp bug, whatsapp user, whatsapp, whatsapp user in danger, whatsapp data leak, million user number leak,