Your mobile number is in danger of being leaked: a cybersecurity researcher has found a bug that exposes user numbers in Google Search results.
According to a bug hunter, Athul Jayaram, a flaw in WhatsApp’s web portal has leaked numbers of approximately 29,000 users from the United States, India, the United Kingdom, and other countries.
The bug lies in WhatsApp’s click to chat feature, which lets a user start a chat on the app with another user whose mobile number isn’t stored in the phone’s contact list. The feature requires the sender to create a link using the mobile number of the person they want to message on the app.
Jayaram demonstrates in his blog post on Medium that the click to chat feature creates the link via WhatsApp’s web portal and does not encrypt the mobile number. The mobile number is therefore visible in clear text in the link itself, which begins with ‘https://wa.me/’. The mobile numbers can simply be obtained by running a Google search query, and there is also a way to search for mobile numbers from a particular country using the country’s calling code.
Jayaram mentioned that he was able to find about 29,000 mobile numbers on Google Search and apparently also contacted a few of them on WhatsApp. The users whose mobile numbers are exposed are vulnerable to phishing attacks by threat actors. Additionally, depending on their privacy settings, the users’ display photos, profile status, and names can also be viewed.
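For site owners who publish click to chat links, the following added example (not code from Jayaram's post or from WhatsApp) audits a page you control for numbers carried in clear text in such links and reports whether the page allows indexing. It assumes the `api.whatsapp.com/send?phone=` link form and the robots `noindex` meta tag, neither of which the article mentions; the sample page and its numbers are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

def extract_number(href):
    """Return the phone number carried in a click-to-chat URL, else None."""
    url = urlparse(href)
    host = (url.hostname or "").lower()
    if host == "wa.me":
        candidate = url.path.strip("/")
    elif host == "api.whatsapp.com" and url.path.rstrip("/") == "/send":
        # Assumed alternative link form; '+' in a query decodes to a space.
        candidate = parse_qs(url.query).get("phone", [""])[0].strip()
    else:
        return None
    match = re.fullmatch(r"\+?(\d{7,15})", candidate)
    return match.group(1) if match else None

def mask(number):
    """Keep only the first and last two digits so the report is not a new leak."""
    return number[:2] + "*" * (len(number) - 4) + number[-2:]

class _Audit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.numbers, self.noindex = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "robots":
            self.noindex = "noindex" in (attrs.get("content") or "").lower()
        elif tag == "a":
            number = extract_number(attrs.get("href") or "")
            if number:
                self.numbers.append(number)

def audit(html):
    """Report clear-text numbers on a page and whether crawlers may index it."""
    parser = _Audit()
    parser.feed(html)
    return {"indexable": not parser.noindex,
            "numbers": [mask(n) for n in parser.numbers]}

# Constructed sample page; the numbers are fictional.
SAMPLE_PAGE = """<html><head><title>Contact</title></head><body>
<a href="https://wa.me/15555550123">Chat with sales</a>
<a href="https://api.whatsapp.com/send?phone=447700900123">Support</a>
<a href="https://example.com/about">About</a>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE_PAGE))
```

A page that reports `indexable: True` together with a non-empty `numbers` list is one whose click to chat links a search engine can pick up.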
The fact that user mobile numbers are in danger is concerning, but for now it seems WhatsApp doesn’t particularly think this is a problem. When asked about the bug by Threatpost, a WhatsApp spokesperson said, “While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button.”
A similar bug was found with WhatsApp a few months ago, where links to join private WhatsApp Groups were being indexed on Google Search. When reported, the bug was described as an “intentional product design” by Facebook but was seemingly fixed later.
I’ve also experienced the same thing several times.
News Credit – Mashable India