Independent security researcher Rajshekhar Rajaharia on Friday shared some screenshots. The screenshots shared with IANS showing personal mobile numbers of WhatsApp users on Web version via indexing. Rajaharia told IANS, “The leak is happening via WhatsApp on Web. If someone is using WhatsApp on a laptop or an office PC, the mobile numbers are being indexed on Google Search. These are mobile numbers of individual users, not business numbers.”
In another tweet, he said, “This time, WhatsApp is actually using a “Robots.txt” file and a “disallow all” setting, so they are instructing Google not to index anything. Google is still Indexing.”
Last week a similar incident happened which reveals group chat links on Google. Many group links were available on google search from which anyone can join a group just by a Google search. “Despite WhatsApp advising users and telling Google to remove the earlier exposed group chat links, the mobile numbers via WhatsApp Web application are now being indexed on Google Search,” said Rajaharia.
Soon WhatsApp recognizes the issue and releases a statement. The statement says, “since March 2020, WhatsApp has included the “noindex” tag on all deep link pages which, according to Google, will exclude them from indexing.”
“We have given our feedback to Google to not index these chats. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.”
The issue was first exposed in February by app reverse-engineer Jane Wong. Jane Wong found that Google has around 470,000 results for a simple search of “chat.whatsapp.com”. A part of the URL that makes up invites to WhatsApp groups.
However, according to Rajaharia, the latest issue has not been addressed so far by either the Facebook-owned platform or Google.