A security researcher has warned Facebook about a WhatsApp feature, ‘Click to Chat’, that is exposing users’ phone numbers on Google, where anyone can see them.
WhatsApp’s Click to Chat feature allows you to begin a chat with someone without having their phone number saved in your phone’s address book.
The researcher, Athul Jayaram, discovered the flaw in WhatsApp and described it as a bug that puts users’ privacy at risk.
Click to Chat feature or Bug?
According to the researcher, the phone numbers of people using this feature are indexed by Google Search because the search engine indexes the metadata. The researcher also said that the phone numbers are visible in plain text in the URL https://wa.me/<phone_number>, which can make it easier for scammers to scam the users.
“Your mobile number is visible in plain text in this URL, and anyone who gets hold of the URL can know your mobile number. You cannot revoke it,” said Jayaram.
He also said that around 300,000 WhatsApp phone numbers are indexed on Google search results.
The researcher also said that he was able to see users’ WhatsApp profile pictures along with their phone numbers, and that any skilled hacker can run a reverse image search on the pictures and collect information about the users.
“Our Click to Chat feature, which lets users create a URL with their phone number so that anyone can easily message them, is used widely by small and microbusinesses around the world to connect with their customers.”
A WhatsApp spokesperson told
Facebook’s Opinion
After discovering the bug on May 23, the researcher contacted Facebook through its bug bounty program. In its response, however, Facebook said that data abuse is covered only for Facebook platforms, not for WhatsApp.
“While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button,” he said.