A significant privacy flaw in the famous and widely used instant messaging platform WhatsApp has exposed the phone numbers and profile photos of 3.5 billion people across the world. Cybersecurity researchers had discovered that a technical issue allowed external websites and third-party tools to access user information even without being added as contacts.
Researchers at the University of Vienna were able to pull 3.5 billion phone numbers by leveraging a “simple” method that took advantage of WhatsApp’s contact-discovery feature.
This has raised serious concerns about personal data security on one of the world’s most widely used instant messaging apps.
What exactly happened?
According to cybersecurity experts, a flaw was linked to WhatsApp’s “Click to Chat” feature, which allows users to start a chat without saving a phone number. When this link was generated, it sometimes leaked user details through publicly accessible URLs on search engines. As a result, phone numbers, profile pictures, and even names became visible to anyone who knew where to look.
Global Impact
Since WhatsApp has more than two billion users, the flaw potentially exposed information from almost every user worldwide. This kind of data leak can put people at risk of spam, scams, impersonation, and cyber-harassment.
Therefore, privacy experts are saying this again that sensitive data like phone numbers should never be publicly accessible, especially on platforms that position themselves as secure.
WhatsApp’s Response!
Meta, which is the parent company of WhatsApp, has said the issue has now been fixed. Moreover, the company also stated that its system is designed to give users control of their privacy through settings such as “Who can see my profile photo.”
However, digital rights activists say that the platform needs stricter safeguarding systems to protect users. Additionally apps and companies should be more transparent about leaks when vulnerabilities are discovered.
Why This Matters?
This incident shows how even trusted social media apps can expose users data due to overlooked technical issues.
In an era when billions of people rely on messaging apps for personal, professional, and financial conversations, protecting basic details like phone numbers is essential for these platforms and apps.
Cybersecurity experts recommend that users review their privacy settings regularly and stay alert to unusual activity on their accounts.
