App

Your WhatsApp phone number could appear in Google Search

As per bug-bounty hunter Athul Jayaram, there is a bug in WhatsApp’s Click to Chat feature and this
put phone numbers of the users at risk.

WhatsApp has added a number of features, but then there have been reports which suggest the one
such feature has a bug which will make a WhatsApp user’s phone number appear in Google Search
results.

As per bug-bounty hunter Athul Jayaram, there is a bug in WhatsApp’s Click to Chat feature and this
put phone numbers of the users at risk as Google Search was able to index them. This has
compromised the privacy of a lot of users.

Now, if we give you information about the feature, Click to Chat and allows users to initiate a
WhatsApp chat with another user without saving their phone numbers saved in the sender’s address
books. This then allows websites to interact with their visitors without the visitor having to punch in
the phone number.

Jayaram also says that the phone numbers of the visitors who use this feature to establish
connection with the website and it shows up in Google Search results as the search indexes the
feature’s metadata.

He also says that users’ phone numbers are visible in plain text in the URL —
https://wa.me/<phone_number> — and this has made it easy for scammers to compile a list of
legitimate phone numbers. So far, he has found 300,000 indexed on Google.

“As individual phone numbers are leaked, an attacker can message them, call them, sell their phone
numbers to marketers, spammers, scammers,” he said in a statement to Threatpost.

“Through the WhatsApp profile, they can see the profile photo of the user, and do a reverse-image
search to find their other social-media accounts and discover a lot more about [a targeted
individual],” he added.

Responding to the claims, WhatsApp said: “While we appreciate this researcher’s report and value
the time that he took to share it with us, it did not qualify for a bounty since it merely contained a
search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users,
including businesses, can block unwanted messages with the tap of a button.”

Related posts

Your WhatsApp account temporarily blocked – Here’s what you need to do

The-digital-buyer

FACEBOOK’s New All-Caps Logo Gets a Thumbs Down From TWITTER

The-digital-buyer

Tinder testing in-app live trivia for select users: Find details

The-digital-buyer

Leave a Comment

nineteen + 14 =