Athul Jayaram: WhatsApp numbers of users from the US, UK, India and many other countries could have been leaked. Around 29,000-3,00,000 users' mobile numbers are now accessible in plain text to any internet user
WhatsApp numbers of users from the US, UK, India and many other countries could have been leaked and be available on the open web in plain text. The issue was discovered by cyber security researcher Athul Jayaram. He claims on Medium that around 29,000-3,00,000 users' mobile numbers are now accessible in plain text to any internet user. The count of numbers accessible to you may differ because Googlebot crawls daily and Google's index is updated, and the search results also vary across google.com, google.co.in and similar regional TLDs. Affected users are from the United States, the United Kingdom, India and almost all other countries. What makes this easy, or makes it appear simple, is that the data is accessible on the open web and not on the dark web.
How the vulnerability works, according to the cyber security expert
According to the cyber security researcher, Facebook removed the feature to search for users by their phone numbers a year ago due to the privacy risk and impact of leaking phone numbers. A few days back, WhatsApp launched a new feature where friends can add you to their list by scanning a QR code. Every account is provided a unique QR code which, when decoded, shows a URL pointing to https://wa.me/. WhatsApp uses chat.whatsapp.com to generate group invite links, while the WhatsApp Web send message API uses api.whatsapp.com and forwards the request to web.whatsapp.com. WhatsApp also has a click to chat feature where the links are generated as https://wa.me/. This feature does not encrypt the phone number in the link. As a result, if this link is shared anywhere, your phone number is also visible in plaintext.
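For site owners who publish click-to-chat links, the check below flags and redacts links that carry a phone number in plaintext before a page goes live. It is an added example, not code from the researcher or from WhatsApp, and it goes beyond wa.me to the `/send?phone=` links on the two API hosts named above. The function names are hypothetical, the `/send?phone=` layout is the public click-to-chat format rather than something the article spells out, and the sample content and numbers are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SEND_HOSTS = {"api.whatsapp.com", "web.whatsapp.com"}  # hosts named in the article
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

# Constructed sample content; the phone numbers are fictional.
SAMPLE = (
    'Order on WhatsApp: <a href="https://wa.me/12025550143">chat</a>. '
    "Support: https://api.whatsapp.com/send?phone=%2B447700900123&text=Hi, "
    "community group: https://chat.whatsapp.com/CONSTRUCTEDINVITE"
)


def exposed_number(url):
    """Return the digits of the phone number a WhatsApp link carries, or None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    host = (parts.hostname or "").lower()
    if host == "wa.me":
        candidate = unquote(parts.path).strip("/")
    elif host in SEND_HOSTS and parts.path.rstrip("/") == "/send":
        candidate = parse_qs(parts.query).get("phone", [""])[0]
    else:
        return None  # chat.whatsapp.com invite links carry no phone number
    digits = re.sub(r"[\s+\-()]", "", candidate)
    # Assumption: 7 to 15 digits (15 is the E.164 maximum) counts as a number.
    return digits if digits.isdigit() and 7 <= len(digits) <= 15 else None


def audit(text):
    """Return (flagged_urls, redacted_text) for content about to be published."""
    flagged = []

    def redact(match):
        raw = match.group(0)
        url = raw.rstrip(".,;")  # sentence punctuation is not part of the link
        digits = exposed_number(url)
        if digits is None:
            return raw
        flagged.append(url)
        return f"[click-to-chat link removed, number ends {digits[-2:]}]" + raw[len(url):]

    return flagged, URL_RE.sub(redact, text)


if __name__ == "__main__":
    flagged, redacted = audit(SAMPLE)
    print(f"{len(flagged)} link(s) expose a number")
    print(redacted)
```

Pages that must keep such links can instead be excluded from search indexing, since the article's concern is that indexed pages make the numbers searchable.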