
WhatsApp blamed own users for failure to keep phone number repo off Google searches
2020-06-12 21:02

An infosec researcher reckons WhatsApp was a bit too quick off the mark to blame its users when hundreds of thousands of phone numbers, names and profile pictures were found to be easily accessible via Google.

Athul Jayaram, a self-described "Full time bug bounty hunter", published a blog post earlier this week highlighting that a large number of WhatsApp users' mobile numbers could easily be found by searching Google for the domain "wa.me".

"This feature does not encrypt the phone number in the link, as a result, if this link is shared anywhere, your phone number is also visible in plaintext," said Jayaram in his blog post.

WhatsApp decided to blame its own users for its privacy screwup, telling TechCrunch that Jayaram's findings "merely contained a search engine index of URLs that WhatsApp users chose to make public." A spokesman added to the site: "All WhatsApp users, including businesses, can block unwanted messages with the tap of a button."

Although wa.me has since been cleansed from Google, now the whole world and its malicious dog knows where to go to find a nice big repository of active phone numbers for smishing, SIM swapping and all the other ways in which bad people can steal personal and/or financial data starting with an active mobile phone number.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/06/12/whatsapp_google_search_results_blunder/

Related vendor

LAST 12M
VENDOR     #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Google     102          253   4216     4506   727        9702
WhatsApp   5            1     11       13     16         41