As reported by TechAdvisor, WhatsApp says it has fixed an issue that meant some users’ phone numbers were showing up unintended in Google search results. Researcher Athul Jayaram posted about the flaw on 7 June, saying “his privacy issue in the WhatsApp web portal that leaked around 29000–300000 WhatsApp user’s mobile numbers in plaintext accessible to any internet user”.
This was down to the behaviour of WhatsApp’s Click to Chat feature where users can start conversations with people using a phone number but without saving the phone number in their contacts. It creates a link via which you can open a new chat. Jayaram found that it was possible to expose phone numbers from Click to Chat by running a search for “site:wa.me”.
WhatsApp is an easy-to-use communicating platform, but it doesn’t have privacy at the heart of the app. Although this flaw has been patched, it highlights the lack of privacy and protection of its users.
Bad actors are very clever at using minimal information to target their victims. With just a simple phone number and a link to a chat group, there’s a chance the victim could be manipulated into a targeted smishing attack where they are coerced into offering over more personal details, such as bank account details.
It should never be underestimated what scam artists can do with the simplest of information and so it is best to keep your apps up to date and always stay alert to any form of scam.