Home Technology A simple WhatsApp security flaw exposed billions of phone numbers – yours might be among them
Technology

A simple WhatsApp security flaw exposed billions of phone numbers – yours might be among them

by wellnessfitpro
written by wellnessfitpro

If you use WhatsApp, you might be surprised to know that a group of Austrian researchers managed to extract the phone numbers of 3.5 billion WhatsApp users. Yours might be among them as well. Here’s everything you need to know.

Honestly, anyone could’ve scraped every WhatsApp number out there

When you want to check whether a number is registered on WhatsApp, you simply search for that number on the platform. If the number is associated with a WhatsApp account, you’ll see the profile picture and the name set for it. Security researchers at the University of Vienna in Austria used this same technique to extract the WhatsApp numbers of 3.5 billion users.
While searching for flaws in WhatsApp’s end-to-end encryption system, Austrian researchers discovered that the platform lacks rate-limiting protection to prevent abuse of its feature that checks whether a number is registered on WhatsApp. Within just half an hour, they were able to extract 30 million WhatsApp numbers registered in the U.S. by exploiting this flaw. By the end of their research, they had collected the WhatsApp numbers of 3.5 billion users worldwide.

All they did was change the number sequence, and ta-da! WhatsApp revealed whether that number was registered on the platform. About 57% of these 3.5 billion WhatsApp users had their privacy settings configured to show their profile picture to everyone. As a result, the researchers were easily able to collect their profile photos as well. They could also view the profile text of 29% of these 3.5 billion WhatsApp users.

WhatsApp had been sitting on this flaw since 2017

Interestingly, WhatsApp’s parent company, Meta, was made aware of this flaw back in 2017 by another group of researchers. However, Meta didn’t take any action on the matter at that time, and it remained possible to easily check whether a number was registered on WhatsApp or not.
In April this year, Austrian researchers submitted their findings to Meta on how big a security risk this flaw poses to WhatsApp. Bad actors could easily use the simple trick to extract photos and phone numbers of a large number of WhatsApp users. What are the chances they haven’t already exploited this flaw to steal data?

Fortunately, in October this year, Meta finally enforced a stricter rate-limiting measure on WhatsApp, which will ensure that such mass-scale contact discovery is no longer possible on the platform. The security researchers have also securely deleted their database containing all the extracted phone numbers and related data.

WhatsApp competitors like Signal already come with rate-limiting protection. As a result, you won’t be able to perform mass-scale contact discovery as WhatsApp used to allow.

Another security negligence in Meta apps

This isn’t the first time Meta’s apps have found themselves in the news due to security flaws. In 2021, the database of 530 million Facebook users was publicly leaked online. Interestingly, even then, bad actors used a WhatsApp-like vulnerability to access the data. They exploited Facebook’s feature that allowed users to search profiles by phone number to scrape the personal information of 530 million users.

No doubt, WhatsApp is great in many ways. It’s free, supports end-to-end encryption, allows group video calls, and more. But after hearing about its security flaws and its habit of collecting data, I don’t feel confident enough to use WhatsApp anymore. I’ve recently switched to Signal, and I’m loving it. It collects almost no data at all and offers many advanced privacy features, such as call relay, which hides your IP address during calls, and screen security, which prevents others from taking screenshots of your conversations.

Travel Easy with Nomad eSIM – 25% Off

25% off eSIM data-only plans & global coverage – enter code IPHONE25, sign up required

This offer is not available in your area.

#simple #WhatsApp #security #flaw #exposed #billions #phone #numbers #among

You may also like

The Galaxy and the iPhone finally go their...

When will iPhone 18 come out? Apple’s new...

Last year’s Google Pixel 9 is a Black...

Aluminum vs Titanium: I took a FLIR to...

Forget the Galaxy S25 Ultra — Pixel 9...

Pixel 10 Pro XL drops to its lowest...

Microsoft’s Elite Surface Pro 11 with 32GB RAM...

Amazon’s epic Google Pixel 10 Pro Fold deal...

I can’t believe my favorite small Android phone...

Apple Watch Ultra 2 drops to its lowest...

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.