Have you been receiving spam WhatsApp messages from unknown numbers recently and wondering how your number ended up in the sender's contact list? This could be due to a problem first discovered and fixed last year by the messaging platform WhatsApp, which seems to have reappeared. Last year, a report revealed a flaw that exposed thousands of phone numbers associated with WhatsApp on the internet. Following the report, WhatsApp somehow found a way to fix the flaw, and the links showing users' phone numbers were removed from search results, but security researchers claim that it has made a comeback.
The issue was first reported in June 2020, when a security researcher revealed how WhatsApp phone numbers were accessible via search engines. "I discovered this privacy issue in the WhatsApp web portal that leaked thousands of WhatsApp users' mobile numbers in plaintext accessible to any internet user in plaintext," security researcher Athul Jayaram tells India Today. Pointing to the possible repercussions, Jayaram warns that fraudsters, cybercriminals and spammers could use the dataset to send users a lot of spam and unwanted messages. Following last year's report, WhatsApp managed to fix the flaw and even rolled out an update, successfully removing such links, most likely with cooperation from Google. However, that now looks like "more of a temporary fix".
Jayaram explains that, as of now, the mobile numbers of a number of random WhatsApp users can once again be accessed using a simple Google search query, which can be narrowed down to a country by including the country code in the query. Affected users come from all countries, including the US, UK and India.
Talking about a more permanent solution, he suggests that such a privacy issue could have been avoided if WhatsApp encrypted or hashed users' mobile numbers as well. In that case, "WhatsApp URLs appearing in search engines would be totally unpredictable and random", and even if a link showed up somewhere on the internet, the user's phone number would remain inaccessible in plaintext. Earlier, WhatsApp said that such internet search results "merely contained a search engine index of URLs that WhatsApp users chose to make public".
"Since March 2020, WhatsApp has included the "noindex" tag on all deep link pages which, according to Google, will exclude them from indexing. We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time. Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website," a WhatsApp spokesperson said in a statement.
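The Python sketch below is an added example, not WhatsApp's code or anything from the original report: it illustrates the researcher's suggestion of unpredictable link URLs together with the noindex signal mentioned in the statement. The `LinkDirectory` class, the `chat.example` domain and the sample number are hypothetical, and a keyed HMAC stands in for the "encrypted or hashed" scheme, which the article does not specify.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import secrets


def only_digits(text: str) -> str:
    return "".join(ch for ch in text if ch.isdigit())


class LinkDirectory:
    """Issues opaque chat links and resolves them server-side (hypothetical design)."""

    def __init__(self, key: bytes | None = None,
                 base_url: str = "https://chat.example/l/"):  # placeholder domain
        # A keyed MAC is used instead of a bare hash: phone numbers come from a
        # small space, so an unkeyed digest could be matched by enumeration.
        self._key = key or secrets.token_bytes(32)
        self._base_url = base_url
        self._numbers: dict[str, str] = {}  # token -> number, kept on the server

    def issue(self, phone: str) -> str:
        """Return a shareable URL that carries a token instead of the number."""
        digits = only_digits(phone)
        mac = hmac.new(self._key, digits.encode(), hashlib.sha256).digest()[:16]
        token = base64.urlsafe_b64encode(mac).rstrip(b"=").decode()
        self._numbers[token] = digits
        return self._base_url + token

    def resolve(self, url: str) -> tuple[str | None, dict[str, str]]:
        """Return (number or None, response headers) for a requested link."""
        token = url.removeprefix(self._base_url)
        # HTTP-header form of the noindex signal, sent whether or not the
        # token is known, so crawlers are told not to index any link page.
        headers = {"X-Robots-Tag": "noindex, nofollow"}
        return self._numbers.get(token), headers


def url_exposes_number(url: str, phone: str) -> bool:
    """True if the phone number's digits can be read straight out of the URL."""
    return only_digits(phone) in only_digits(url)


if __name__ == "__main__":
    sample = "+1 202 555 0143"  # constructed sample number (fictional range)
    directory = LinkDirectory()
    link = directory.issue(sample)
    print(link, url_exposes_number(link, sample), directory.resolve(link))
```

With this layout a link that ends up in a search index reveals only the token; the number is returned by the server at resolve time, where access control and rate limiting can be applied.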
While some reports on the internet claim the issue is resolved, it seems too early to say so, as chats are still being pulled up in Search. This means that WhatsApp will again have to work closely with Google to resolve the issue, as it did in June 2020.