Our and your data is at risk! Have 3.5 billion WhatsApp phone numbers been leaked? Meta provides clarification
Researchers discovered a vulnerability in WhatsApp's contact discovery system. This security flaw could have been exploited to scrape billions of phone numbers. Meta stated that the issue has been fixed and no major abuse occurred.
WhatsApp privacy issue: If you use WhatsApp for messaging and chatting, this is important news for you. It is being claimed that 3.5 billion WhatsApp phone numbers have been leaked.
The important thing is that this is being said to have happened due to a meta error. Raising serious questions about WhatsApp security, a new research has revealed that due to a serious flaw in the platform, the phone numbers of approximately 3.5 billion users were exposed. The company claimed that user data is safe and no misuse has been reported.
How research found this major flaw in WhatsApp
Security researchers at the University of Vienna found that billions of phone numbers could be extracted by repeatedly using WhatsApp's contact check feature in an automated manner.
According to Wired, searching for any number on WhatsApp reveals whether the user is currently on the platform, and often even reveals a profile photo and name.
The researchers explained that by repeating this function millions of times, they could obtain the phone number of nearly every WhatsApp user in the world.
In just 30 minutes, they collected 30 million American phone numbers, which gives an idea of the severity of the threat. They later deleted the entire data and reported it to Meta.
This threat could have become the biggest data leak in history
The report stated that this flaw, if it fell into the wrong hands, could have resulted in the world's largest data leak. WhatsApp's popularity rests on the platform's ability to recognize a person as soon as their number is saved.
According to Wired, by repeating this feature billions of times, anyone's phone number and profile data could have been scraped.
However, the researchers, acting responsibly, did not make the data public and immediately alerted Meta. This clearly demonstrates how quickly users' privacy can be compromised.
What Meta says and how security has been strengthened
A Meta spokesperson responded to 9To5Mac, saying they were grateful for the researchers' vigilance and their participation in the Bug Bounty program.
The company acknowledged that a new enumeration technique bypassed security limitations and allowed publicly available information to be scraped.
Meta claimed that its new anti-scraping systems proved effective immediately and found no evidence of malicious activity. The company also stated that due to WhatsApp's end-to-end encryption, messages remained completely secure and no non-public data was accessed.