Apparently, a bug in WhatsApp has leaked the phone numbers of this app user on Google Search. Phone numbers of around 29,000 to 300,000 users have been leaked online. This bug has arisen due to a Click to Chat feature on WhatsApp. The researchers have denied the seriousness of this issue.
The alleged process, the click-to-chat feature, allows users to create a link through which other users can get in touch with the user directly. According to a source, WhatsApp does not encrypt the phone numbers, as they do with the chats, so when the click-to-chat link is shared, the phone number gets exposed in plain text.
A cybersecurity researcher Athul Jayaram said, “Your mobile number is visible in plain text in this URL, and anyone who gets hold of the URL can know your mobile number. You cannot revoke it.”
So, if a user has clicked the ‘Click to Chat” option and shared it on social media platforms, the number of user also gets shared online. This could prove to be dangerous if internet scammers get a hold of those numbers.
“This privacy issue could have been avoided if Whatsapp encrypted the user mobile numbers as well as by adding a robots.txt file disallowing the bots from crawling their domain and a meta no-index tag on the pages. Unfortunately, they did not do that yet and your privacy may be at stake,” Jayaram wrote in his blog.
In response to these claims a WhatsApp spokesperson said in a statement, “While we appreciate this researcher’s report and value, the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public.
All WhatsApp users, including businesses, can block unwanted messages with the tap of a button.”
