WhatsApp Click to Chat Feature Leads to Data Leak

An independent cybersecurity researcher, hailing from India, has claimed that the WhatsApp web portal has leaked about 29,000-30,000 mobile numbers belonging to WhatsApp users.  This leak comes in plaintext, accessible to any internet user. Athul Jayaraman is a specialist who has titled himself a full-time bug bounty hunter. He explained that the numbers are visible on Google, and users from the United Kingdom, the United States, and India have been affected the most. As a response to the leak, WhatsApp said that the findings do not qualify for a bug bounty, since they merely contain a search engire index of URLs that WhatsApp users have decided, with consent, to make public.

Jayaraman have explained that WhatsApp’s brand new feature allows users and friends to get their list by scanning a QR code, which, when decoded, point to a URL. In this new and controversial feature, the messaging service even has a click to chat option, where links are being generated. Jayamaran has stated that this does not actually encrypt the phone number in the link, making the number visible in plaintext to anyone that accesses the URL.

In a public statement in which WhatsApp responds to the findings of the researcher, a WhatsApp representative has explained that the click to chat feature allows users to create a URL, using just their phone number. This makes it easy for anyone to message them, being used by a lot of micro and small businesses all around the globe so that they can connect easier with their customers. While we appreciate the value brought by this research, this did not qualify for a bounty because it simply contained a search engine index of URLs that were made public by WhatsApp users by choice. All users of WhatsApp, including businesses, are able to block any unwanted messages simply with the press of a button.

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *