WhatsApp Is Leaking User Phone Numbers In Google Searches And Customizable Verification Codes
The crazy train that is WhatsApp right now does not look like it will be stopping any time soon. After the privacy policy fiasco, which is still developing, other issues have popped up simultaneously. It appears that Google is indexing a WhatsApp subdomain that can share users’ phone numbers. Furthermore, there are also other issues with WhatsApp that scammers can use to social engineer people, as we are just now learning. This is an absolute nightmare for privacy and security again, and should concern every WhatsApp user at present.
Last year, WhatsApp had chat invite links indexed on Google, meaning they were searchable by anyone who knew what to look for. Those search techniques could then be adapted to extract more phone numbers from the WhatsApp platform. Now this is happening again, but on a different WhatsApp subdomain, web.whatsapp.com. With a simple Google search using patterns, search terms, and tricks, anyone can find a phone number from web.whatsapp.com. This was found by security researcher Rajshekhar Rajaharia, who tweeted out his findings, shown below.
15 Jan 2021, If you are using @WhatsApp Web, your Mobile Number and Messages are being indexed by @Google again. Don't know why WhatsApp is still not monitoring their website and google. This is 3rd time. #Infosec #Privacy #infosecurity #GDPR #Whatsapp #Privacy #Policy #Google pic.twitter.com/D6o1emxDgv
— Rajshekhar Rajaharia (@rajaharia) January 15, 2021
This time, @WhatsApp is actually using a “Robots.txt” file and a “disallow all” setting, so they are instructing @Google not to index anything. Google is still Indexing. #InfoSec
— Rajshekhar Rajaharia (@rajaharia) January 15, 2021
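The tweet above describes a "disallow all" robots.txt alongside continued indexing. robots.txt governs crawling rather than indexing, so a blocked URL can still be listed when other pages link to it, and a noindex directive on that URL is never fetched. The Python check below is an added example, not code from the article or from WhatsApp, that site owners can use to classify a URL's controls; the host, URL, and verdict names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

class _RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots"|"googlebot"> tags."""
    def __init__(self):
        super().__init__()
        self.directives = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() in ("robots", "googlebot"):
            self.directives += (a.get("content") or "").lower().split(",")

def crawl_allowed(robots_txt, url, agent="Googlebot"):
    """True if robots.txt lets `agent` fetch `url`."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp.can_fetch(agent, url)

def has_noindex(headers, html):
    """True if an X-Robots-Tag header or robots meta tag says noindex/none."""
    found = []
    for name, value in headers.items():
        if name.lower() == "x-robots-tag":
            found += value.lower().split(",")
    parser = _RobotsMeta()
    parser.feed(html)
    found += parser.directives
    # "googlebot: noindex" carries an agent prefix; keep the directive part.
    return any(d.split(":")[-1].strip() in ("noindex", "none") for d in found)

def audit(robots_txt, url, headers, html):
    """Verdict names are this example's own labels (hypothetical)."""
    crawl = crawl_allowed(robots_txt, url)
    noindex = has_noindex(headers, html)
    if not crawl and noindex:
        return "noindex-unreachable"   # crawler is blocked, never sees noindex
    if not crawl:
        return "crawl-blocked-only"    # URL can still be indexed via links
    if noindex:
        return "noindex-effective"     # crawlable, so the directive is read
    return "indexable"

# Constructed sample input; the host is a placeholder, not a real service.
DISALLOW_ALL = "User-agent: *\nDisallow: /\n"
URL = "https://chat.example.test/send?phone=0000000000"

if __name__ == "__main__":
    print(audit(DISALLOW_ALL, URL, {}, ""))
    print(audit("", URL, {"X-Robots-Tag": "noindex"}, ""))
```

Only the "noindex-effective" verdict corresponds to a page that a crawler is allowed to fetch and is then told to keep out of the index.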
Overall, users need to be worried about their safety and privacy on the WhatsApp platform. WhatsApp should have learned the first time this happened in 2020 and improved, but that is not the case. Perhaps that is why so many people are flocking to rival Signal at the moment...