WhatsApp security 
WhatsApp security A new study from the University of Vienna has revealed a severe vulnerability in WhatsApp that exposed personal details of nearly 3.5 billion users worldwide. The flaw, found in the platform’s contact discovery feature, allowed researchers to scan every possible phone number and identify active accounts at extraordinary speed.
Meta, which owns WhatsApp, was informed of the issue and has since taken corrective action.
According to the researchers, an automated method enabled them to generate more than 100 million queries per hour. In total, they harvested data linked to users across 245 countries. Although the retrieved information consisted only of details already visible to anyone with access to a phone number, such as profile photos, public keys, “about” texts and timestamps, the team said these fragments could reveal much more. They were able to infer a user’s operating system, how long they had been using WhatsApp and the number of devices linked to the account.
The findings are particularly alarming given that this class of vulnerability had been reported before. In 2017, a security researcher warned that WhatsApp imposed no practical limits on the number of phone number checks a person could perform, leaving the door wide open for large-scale scraping. Despite that early alert, the flaw remained in place until the University of Vienna team demonstrated how trivially it could be exploited.
During their tests, they obtained 30 million U.S. phone numbers within the first 30 minutes and continued to collect data with no interference from WhatsApp servers.
In a statement to 9to5Mac, Meta thanked the researchers for identifying the issue and highlighted that they had discovered a new enumeration technique that bypassed existing safeguards. The company added that it had already been developing more advanced anti-scraping tools and that the study helped validate the strength of its latest protections. Meta confirmed that the researchers securely deleted the data and said it had found no evidence suggesting malicious exploitation of the vulnerability.
For Unparalleled coverage of India's Businesses and Economy – Subscribe to Business Today Magazine
Swiggy raises ₹10,000 crore in QIP, funds to fuel Instamart, tech and M&A growth
GRAP-4 in Delhi-NCR explained: Check list of dos & dont's ahead of your Sunday plans
‘Heads bankers win, tails taxpayers lose’: Robert Kiyosaki explains why the system is rigged
India engages Mexico over up to 50% tariff hike, raises MFN concerns
Delhi AQI worsens: GRAP Stage IV imposed across NCR hours after Stage III amid rising pollution
India Today@50 | India Today Group Leadership Rings NSE Ceremonial Bell
Brahmani Nara Discusses Purpose, Impact And Why Politics Isn’t On Her Horizon | #BTMPW2025
Brahmani Nara On Carving Her Own Path, Steering Heritage Foods Toward Value-Added Growth | #BTMPW2025
The Big Consumer Evolution | Anupriya Acharya On Brands, Data & New India | #BTMPW2025
#BTMPW2025 | India’s Next-Gen Women Leaders Share Powerful Leadership Insights
IndiGo, BEL, KEC International, IOC, Wipro among stocks in focus next week; here's why
Is Elon Musk’s SpaceX IPO the biggest ever? What Indian investors need to know
2.5 crore women investors added in last 10 years: NSE CEO Ashish Chauhan
Eternal-backed Shiprocket files updated DRHP for Rs 2,342 crore IPO; key details
Wealth creators of 2025: 10 multibagger stocks that skyrocketed over 1,000% this year