WhatsApp have exposed over 300,000 of their user’s phone numbers via public Google search results. This was when researchers found that the messaging services “Click to Chat” feature which allows users and businesses to generate URL’s through which other uses can reach them, does not hide their user’s phones numbers in the links using encryption.
The Google listings don’t appear to have released any other personal information, but researchers have found that they can view users chats and photos of users who haven’t made their data private through WhatsApp’s security options. The main users affected are from the UK, US and India but users from loads of other countries have reported that their numbers have been exposed.
A WhatsApp spokesperson has spoken out saying: “While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public,” a spokesperson said. “All WhatsApp users, including businesses, can block unwanted messages with the tap of a button.”
Whilst being able to block this information is all well and good, we at 121 IT still recommend you be as cautious as you can with your mobile number. It can be linked with a whole variety of sensitive things such as bank accounts, credit cards, Bitcoin wallets etc. This could allow attackers to perform SIM card cloning attacks to access these accounts. Safety of personal and sensitive information should be a high priority for all users and businesses. If you have any worries or queries about your or your businesses security, get in touch.
Photo by Allie on Unsplash