The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

WhatsApp can reveal your phone number in Google searches

2020-06-10 17:44 by
Tags:

 

According to security researcher Athul Jayaraman from India, WhatsApp's Click to Chat feature can potentially leak a user's phone number in public search results, opening the door to all manner of scams and cyberattacks.

Jayaraman claims that the WhatsApp web portal had "leaked around 29,000–3,00,000 WhatsApp user's mobile numbers in plaintext accessible to any internet user". To get those results, he did a site-specific Google search for numbers on a WhatsApp-owned domain and thousands of phone numbers popped up. The numbers were visible on Google and users from the United States, United Kingdom and India were among the most affected.

Click to Chat is a lesser-known WhatsApp facility that allows website visitors to converse with website operators via the messaging service. For example, if a visitor to an ecommerce site had a query about a listing, they could scan a QR code to be entered into a WhatsApp conversation with the relevant helpdesk.

The feature sounds innocent enough, but it seems to have had an unintended consequence. The links apparently store phone number data in plain text, not encrypting the data at all. This would be fine if they were hidden, but the web pages associated with those links aren't using the "noindex" metadata to avoid being scooped up by search engines.

In a statement, a WhatsApp spokesperson said that Click to Chat, is designed to help users, especially small and microbusinesses around the world connect with their customers.

"While we appreciate this researcher's report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button," the spokesperson added.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About