WhatsApp prides itself on its end-to-end encryption and other new features that they recently introduced. But what they probably didn’t expect is that a security issue would come out that exposed their users’ data for those who knew how to do a simple Google search. They immediately acted on creating a fix for the security flaw even as they did not acknowledge that it was an issue in the first place. Hopefully, there are no lasting consequences for some of these users that had their numbers leaked.
The problem came out of their QR code feature that was released earlier this year. It was supposed to make it easier to invite people to join a WhatsApp group. But instead of using the relatively secure group invite link system, it used a URL shortening system that didn’t use encryption to hide the phone number in its link. Because of this, sharing the QR code in a place that is crawled by Google bots resulted in numbers showing up in Google search results.
Of course, not everyone would know immediately to do that but those who knew how found more than 30 thousand results. Some of them were WhatsApp-connected phone numbers that could be copied in plain text. Some of them were actual messages sent in conversations that used the unencrypted wa.me system. These results were up for hours so we don’t know how many people were able to get the info.
Forbes said WhatsApp initially dismissed the report and said it was not a security problem since all users and businesses could block unwanted messages with just a tap of a button. But later on, they did fix the problem and now you probably will not get any more search results that displayed thousands of connected numbers.
We’ll find out from security experts if this fix was enough to solve this issue. Now is not a good time for messaging apps to have security issues that would lose them users as there are a lot of other options out there.