Your WhatsApp Phone Number Can Appear In Google Search Results Report.
An unaffiliated cybersecurity researcher has discovered a security bug in Facebookowned WhatsApp is leaking users’ telephone numbers linked to their own WhatsApp accounts in Google Search results placing the societal messaging website in a risk.
Athul Jayaram who discovered the vulnerability mentioned the bug in question pertains to WhatsApp’s ‘Click to Chat’ attribute, where the hyperlinks are created.
WhatsApp’s Click to Chat feature gives users a simple method to initiate to talk with visitors on sites.
According to Jayaram, the telephone numbers of the users using this attribute of Click to Chat, to connect with sites can display in Google Search results, as the lookup indexes the feature’s metadata.
The telephone numbers shown as part of a URL string
This attribute does not encrypt the contact number in the connection, consequently, if this connection is shared anywhere, your telephone number is also observable in plaintext.
This makes it a lot easier for visitors to compile a listing of legitimate telephone numbers.
Jayaram found that the privacy issue in the WhatsApp net portal leaked around , WhatsApp consumer ‘s mobile numbers in plain text making it accessible to any internet user.
As individual telephone numbers are leaked, an attacker can message them, call them, sell their telephone numbers to marketers, spammers, scammers, he told Threatpost.
Jayaram said that since WhatsApp identifies only telephone numbers instead of usernames or email IDs, Google Search disclosed only the telephone numbers rather than the identities of the consumers of the social messaging website. However, this information may be utilized to get the profiles of WhatsApp users.
Throughout the WhatsApp profile, they could observe the profile photo of the user, and do a reverseimage hunt to locate their other socialmedia accounts and find far more about a targeted person , he added.
In accordance with Jayaram, using the combination of a telephone number with a name and address could be a powerful starting point for an identity thief. Most consumers do use the same profile picture on other social networking accounts, the user profiles may be also easily figure out, he said.
He noticed that consumers from the United States, the uk, India and almost all other nations are affected. What causes this easy or seems to be easy is that information is accessible on the open web rather than reverse number on the dark web, Jayaram said.
After discovering the bug on May , Jayaram contacted Facebook through its bugbounty program and educated them about the matter.
On the other hand, the company responded by stating that data abuse is only covered for Facebook platforms, rather than for WhatsApp. It also added that the problem is not a bug and the numbers are people because the consumers desired them to be.
Our Click to Chat feature, which lets users create a URL by using their telephone number so that anyone can easily message them, is utilized widely by small and microbusinesses across the world to get in touch with their clients, WhatsApp said in a statement to the novel.
While we value this researcher’s report also value the time he took to discuss it , it did not qualify for a bounty since it merely included a search engine index of URLs which WhatsApp users chose to make people.