The source of this article and its featured image is Wired Security. The description and key facts are generated by the Codevision AI system.
A security flaw in WhatsApp allowed researchers to expose 3.5 billion phone numbers and associated user data by exploiting its contact discovery feature. Austrian researchers from the University of Vienna demonstrated how automated checks of phone numbers could reveal profile photos and text for millions of users. Meta acknowledged the issue and implemented rate-limiting measures to prevent mass scraping, though the data remained accessible until October 2023. The vulnerability highlights longstanding privacy risks, as similar concerns were raised in 2017 by Dutch researcher Loran Kloeze. This incident underscores the need for stronger safeguards against unintended data exposure in messaging platforms.
Key facts
- Researchers extracted 3.5 billion WhatsApp phone numbers by systematically checking all possible numbers through the app’s contact discovery feature.
- The study revealed that 57% of exposed users had their profile photos accessible, while 29% had public text from their profiles.
- Meta addressed the issue by introducing rate-limiting measures, but the data was available until October 2023.
- The vulnerability was previously reported in 2017, yet no long-term solution was implemented to prevent scraping.
- Cryptographic key duplication in WhatsApp accounts raised concerns about potential message decryption risks.
