WhatsApp bug leaves your mobile number accessible via Google Search; details inside

By: |
Published: June 8, 2020 5:52 PM

Click to chat feature is used by various websites to interact with its visitors without the visitors needing to save the WhatsApp number.

whatsapp, whatsapp bug, whatsapp public numbers, whatsapp security issue, google indexing whatsapp numbers, whatsapp features, whatsapp security, whatsapp click to chat securityThis feature can lead to abuse, fraud and identity theft.

WhatsApp number in Google Search: WhatsApp’s ‘Click to Chat’ feature is leaving the phone numbers of users vulnerable to Google indexing, making them appear on Google Search. According to bug bounty hunter Athul Jayaram, the phone numbers of users who use the ‘Click to Chat’ feature on different websites are “leaked” and he calls it a security bug, according to a report on Threatpost. Social media giant Facebook, which owns WhatsApp, however, terms this as “no big deal” according to the report, saying that the search results on Google only reveal the information which the users have chosen to make public, in the first place.

Click to chat feature is used by various websites to interact with its visitors without the visitors needing to save the WhatsApp number. This makes interaction between users and the website owners quick and simple. It can be done via a QR code (developed by a third-party service) or a URL which links to the WhatsApp number of a website owner. This way, the website visitor gets the phone number without having to dial it and save it in the address book.

As per Threatpost, Jayaram has said that those numbers are now vulnerable to having been exposed to Google Search, since Google indexes the metadata produced from this feature. The report said that a URL string reveals the vulnerable phone numbers in plain text.

The report quoted Jayaram as saying that the mobile numbers of such users are available in plain text and anyone who has the URL can access the numbers, with no way to revoke it. Threatpost report further stated that the bug bounty hunter has so far found 3 lak WhatsApp numbers. He said that while only the numbers are available on this URL, the profiles pictures linked to these numbers can also be seen, with the help of which, fraudsters and scammers can run reverse image search to establish the identity of the users. Hence, he said, this feature can lead to abuse, fraud and identity theft due to this security issue.

Jayaram further told Threatpost that while some users were aware that their numbers were public, since they had chosen to make it that way, some others were not aware of the public nature of their numbers. Some even told him that they had set up the click to chat feature so that users could connect to them for their business without their numbers being made public.

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1Hong Kong: Facebook, WhatsApp, Telegram block law enforcement requests for user data
2Great initiative! Facebook partners with CBSE to provide courses on AR, online wellbeing
3Zoom plans significant investment in India over the next five years; highlights Indian descent of its top executives