Your WhatsApp number is highly compromised and exposed to cyber threat as an Indian cybersecurity researcher has discovered a new bug that uploads your number into Google search.
According to Athul Jayaram, a bug bounty hunter shared that due to flaw in WhatsApp for web portal leaked around 29,000 users phone number from all across the globe including India, United States, United Kindgom and other countries.
Remember ‘WhatsApp Click to Chat’ feature, that let users start a conversation with users without saving phone number? The vulnerability in this feature gives birth to this bug.
Jayram in this blog post on Medium explains that the same feature creates a link via WhatsApp for web portal without encrypting a phone number. Due to this reason, the phone number can be seen in the plain text within the link as “https://wa.me”.
One can easily found the phone number on Google search by making a simple search query, even there’s a way to search phone numbers from a particular country using country calling code.
Let’s us show you how this new WhatsApp bug expose phone number. Suppose you want to find phone number from Indian, then you need to search this in Google:
site:wa.me "+91"
Instantly, you will get list of all the WhatsApp phone number of the users in the search results
Similar, For United States you need to search: site:wa.me "+1"
Jayaram also mentioned in his blog that due to this reason the leaked phone numbers are highly exposed to phishing attacked by online threat actors. In addition, display pictures, display names, profile status of compromised depending on their privacy settings.
When Threatpost asked WhatsApp about the bug, the company’s spokespoerson said:
“While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button.”
A few months ago, the same bug was discovered with a WhatsApp, where links to join private groups on WhatsApp were indexed in Google search.
What are your thoughts about this WhatsApp bug? We would like to hear from you in the comments.