sb.scorecardresearch

Published 19:03 IST, June 9th 2020

Your WhatsApp number could be available in Google Search results? Read here

Your WhatsApp number is at the risk of being leaked as a cybersecurity researcher has discovered a bug that allows users' numbers to show up on Google Search.

Reported by: Danish Ansari
Follow: Google News Icon
  • share
Whatsapp
null | Image: self

A cybersecurity researcher named Athul Jayram has found a WhatsApp bug that prompts thousands of phone numbers to appear on Google search. The flaw in the WhatsApp web portal has affected users from countries like India, the US and the UK, among others. Athul has revealed that the bug is part of the app’s Click to Chat feature which puts a user's number on Google Search to be indexed.

Also Read | How To Send A Blank Message On WhatsApp Without Using A Third-party App?

What is WhatsApp ‘Click to Chat’ feature?

The ‘Click to Chat’ is a feature that allows users to initiate a WhatsApp conversation with another user without having to save their phone numbers in the phone’s address book.

The feature was introduced two years ago and is especially convenient for business communication. It also allows websites to chat with their visitors where the visitors wouldn’t need to dial in the phone number. The process essentially works by creating QR codes or URL links for users that can be used by anyone to reach them using WhatsApp. Once the call is made, the visitor gets access to the person’s phone number.

Also Read | How To Use Microsoft Teams: Create, Schedule And Add Members To Team Meetings

Security concerns for WhatsApp users

The biggest flaw of the ‘Click to Chat feature’ is that Google’s search engine also adds their phone number to Google’s search index by indexing the feature’s metadata. According to Athul, who is a cybersecurity researcher, a user’s mobile number gets revealed as part of a URL string which goes on to leak the phone numbers for that particular WhatsApp user in a plaintext. However, the worst part is that it can’t be revoked.

Also Read | WhatsApp Video Call Update: WhatsApp All Set To Boost Group Video Calling For Users

The researcher also stated that the system actually makes it much easier for spammers to collect a user’s mobile number to spam them. He further added that over 3,00,000 phone numbers have been leaked on Google Search in plain text. What makes it all the more disturbing is that he was also able to view the profile pictures of WhatsApp users. This can actually make it easier for a hacker to perform a reverse search on an image on Google to track down the user’s location.

Athul discovered the bug on May 23 and contacted Facebook regarding the issue. The company responded that the issue does not qualify for a bug bounty as only Facebook platforms were part of the bounty program. Additionally, the company suggested that it isn’t that big a deal as users choose to make the information public.

Also Read | How To Reactivate Instagram Account After You Have Disabled It?

Image credits: Allie Smith | Unsplash

Updated 19:03 IST, June 9th 2020