WhatsApp Flaw Exposes Billions of User Profiles
19 Nov
Summary
- Researchers accessed 3.5 billion WhatsApp profiles via a contact discovery flaw.
- Metadata, including phone numbers and locations, was harvested from exposed profiles.
- WhatsApp states the issue is fixed, and no malicious actors exploited the vulnerability.

Cybersecurity experts have uncovered a significant vulnerability in WhatsApp, enabling access to approximately 3.5 billion user profiles. The flaw was in the app's contact discovery mechanism, which normally helps users find contacts via phone numbers. Researchers found that this mechanism placed no limits on search requests, allowing them to query millions of phone numbers per hour.
This exploit provided access to metadata including phone numbers, location, device type, and account age, though message content remained encrypted due to end-to-end encryption. The researchers highlighted the risks associated with centralizing global messaging on a few platforms, noting that such metadata can pose privacy risks when aggregated.
Meta, WhatsApp's parent company, confirmed that the vulnerability has been addressed and mitigated. They stated that industry-leading anti-scraping systems were already in place and were confirmed effective by this study. The researchers have securely deleted the collected data, and Meta reported no evidence of malicious actors abusing this vector.
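The missing control described above, limits on contact discovery lookups, can be sketched as a per-account budget on distinct phone numbers per time window. This is an added example, not WhatsApp's or the researchers' code; the class name, thresholds and phone numbers are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque


class DiscoveryBudget:
    """Cap on distinct phone numbers one account may resolve per time window."""

    def __init__(self, max_distinct=1000, window_seconds=3600):
        # Both limits are assumed values for illustration, not WhatsApp's.
        self.max_distinct = max_distinct
        self.window = window_seconds
        self._events = defaultdict(deque)  # account -> (first_seen, number), oldest first
        self._seen = defaultdict(dict)     # account -> {number: first_seen}

    def _expire(self, account, now):
        events, seen = self._events[account], self._seen[account]
        while events and now - events[0][0] >= self.window:
            _, number = events.popleft()
            del seen[number]

    def allow(self, account, numbers, now=None):
        """Return the numbers that may be resolved; the rest are refused."""
        now = time.time() if now is None else now
        self._expire(account, now)
        events, seen = self._events[account], self._seen[account]
        allowed = []
        for number in numbers:
            if number in seen:
                allowed.append(number)          # re-sync of a known contact is free
            elif len(seen) < self.max_distinct:
                seen[number] = now
                events.append((now, number))
                allowed.append(number)          # new number consumes budget
        return allowed


def demo():
    """Constructed traffic: an address-book sync versus a sequential sweep."""
    budget = DiscoveryBudget(max_distinct=1000, window_seconds=3600)
    contacts = [f"+1555000{i:04d}" for i in range(300)]      # constructed numbers
    sweep = [f"+1555{i:07d}" for i in range(50_000)]         # constructed range
    synced = sum(len(budget.allow("user", contacts, now=t)) for t in (0, 600, 1200))
    swept = sum(len(budget.allow("sweeper", sweep[i:i + 500], now=i // 500))
                for i in range(0, len(sweep), 500))
    return synced, swept


if __name__ == "__main__":
    print(demo())
```

Counting distinct numbers rather than requests lets a normal client re-sync the same address book repeatedly while a sweep through a number range runs out of budget. A per-account cap covers only a single client, so aggregate limits across accounts are a separate control.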




