WhatsApp Phone Numbers Pop Up in Google Search Results - But is it a Bug?

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,176
Content source
https://threatpost.com/whatsapp-phone-numbers-google-search-results/156141/
A researcher is warning that a WhatsApp feature called “Click to Chat” puts users’ mobile phone numbers at risk — by allowing Google Search to index them for anyone to find. But WhatsApp owner Facebook says it is no big deal and that the search results only reveal what the users have chosen to make public anyway.

Bug-bounty hunter Athul Jayaram, who discovered the issue, calls the phone numbers “leaked” and characterizes the situation as a security bug that puts WhatsApp users’ privacy at risk.

Click to Chat offers websites an easy way to initiate a WhatsApp chat session with website visitors. It works by associating a Quick Response (QR) code image (created via third-party services) to a site owner’s WhatsApp mobile phone number. That allows a visitor to scan the site’s QR code or click on a URL to initiate a WhatsApp chat session – without the visitor having to dial the number itself. That visitor however still gains access to the phone number once the call is initiated.

The problem, Jayaram said, is that those mobile numbers can also turn up in Google Search results, because search engines index Click to Chat metadata. The phone numbers are revealed as part of a URL string..., this in effect “leaks” the mobile phone numbers of WhatsApp users in plaintext, according to the researcher’s view.
Click to expand...
WhatsApp describes Click to Chat as a convenience perk, allowing users to begin a chat with someone without having their phone number saved in their phone’s address book.

“Our Click to Chat feature, which lets users create a URL with their phone number so that anyone can easily message them, is used widely by small and microbusinesses around the world to connect with their customers,” a WhatsApp spokesperson told Threatpost.
Click to expand...
 
Last edited:
  • Like
  • Thanks
  • +Reputation
Reactions: stefanos, dinosaur07, Gandalf_The_Grey and 5 others
You must log in or register to reply here.

Similar threads

CyberTech
    • Like
    • Wow
Hot Take Google announces WhatsApp chat backups will count against your cloud storage, no longer free
Replies
0
Views
511
Cloud storage, file sharing and encryption
CyberTech
CyberTech
enaph
    • Wow
    • Like
    • +Reputation
Database of nearly 500 million WhatsApp users’ mobile phones is up for sale
Replies
2
Views
766
News Archive
Zero Knowledge
Z
Ink
    • Like
    • +Reputation
Malware News 12 Malicious Messaging Apps found on Google Play Store; VajraSpy RAT
Replies
0
Views
875
Security News
Ink
Ink

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top