Phone Numbers Of 3 Lakh WhatsApp Users Exposed Due To Encryption Lag

Phone Numbers Of 3 Lakh WhatsApp Users Exposed Due To Encryption Lag

SUMMARY

The database belonged to users from India, UK, US and several other countries

The numbers were available on Google search and has been taken down now

Data of 267 Mn Facebook users was also up on sale in April 2020

Facebook-owned instant messaging platform WhatsApp may have exposed the phone numbers of around 29K to 3 Lakh users in plain text, accessible to any internet user upon web search. The database includes phone numbers of users from India, UK, US and several other countries.

The incident was first reported by Athul Jayaram, a cybersecurity researcher. He explained that the vulnerability is a part of WhatsApp’s ‘click to chat’ feature which allows users to generate a link for their inbox. The instant messaging app does not encrypt the phone numbers highlighting in the link. Once shared, the phone number is visible in plain text on web search.

Jayaram explained that the generated link also contains the phone numbers associated with the account. Anyone with access to the link is also able to see the user’s phone number. The URL is also picked by Google Bots for search indexing and this is why the number is visible upon research. The link counties to be available on Google search even if the social media post has been taken down. However, the number has been taken down from Google search.

(Image shared by Athul Jayaram with Inc42)

Jayaram added “this privacy issue could have been avoided if Whatsapp encrypted the user mobile numbers as well as by adding a robots.txt file disallowing the bots from crawling their domain and a meta noindex tag on the pages. Unfortunately, they did not do that yet and your privacy may be at stake.”

“This is because https://wa.me do not have a robots.txt file in its server root, which means you cannot stop Google or other search engine bots from crawling and indexing the wa.me links, which means those links will stay in the web. The pages do not have noindex meta tags to prevent any search engines from indexing the links,” he added.

The cyber security researcher had also raised the issue with Facebook, which reportedly said that the “data abuse is only covered for Facebook platforms and not WhatsApp.”

Meanwhile, data of 267 Mn Facebook users had also been up for sale on dark web for around INR 42K, back in April 2020. Threat intelligence platforms, Cyble, highlighted that the database contained email addresses, names, Facebook IDs, dates of birth and phone numbers. The company’s researchers had also purchased the data to verify. This database did not include accounts’ password.

You have reached your limit of free stories
Unlock The Ultimate Startup Intelligence With Inc42 Plus

Join 10,000+ Startup Founders & Leaders And Gain The Ultimate Startup Edge

Prices Increases In
countdownmail.com
2 YEAR PLAN
₹19999
₹5999
₹249/Month
UNLOCK 70% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹3499
₹291/Month
UNLOCK 65% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Phone Numbers Of 3 Lakh WhatsApp Users Exposed Due To Encryption Lag-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Phone Numbers Of 3 Lakh WhatsApp Users Exposed Due To Encryption Lag-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Phone Numbers Of 3 Lakh WhatsApp Users Exposed Due To Encryption Lag-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Phone Numbers Of 3 Lakh WhatsApp Users Exposed Due To Encryption Lag-Inc42 Media
Phone Numbers Of 3 Lakh WhatsApp Users Exposed Due To Encryption Lag-Inc42 Media
You’re in Good company