Mobile numbers of many WhatsApp users are available via a simple Google search, says independent cybersecurity researcher Athul Jayaram. He discovered that a “privacy issue in the WhatsApp web portal leaked about 29000-30000 WhatsApp user’s mobile numbers in plain text accessible to any internet user.”
Jayaram said, “What makes this easy or appears to be simple is that data is accessible on the open web and not on the dark web.” This was first reported by Threatpost. He noted that the users affected are from the United States, the United Kingdom, India and several other countries.
Jayaram contacted Facebook and informed them about the issue to which the company reportedly said that data abuse is covered only for Facebook platforms and not WhatsApp.
“This privacy issue could have been avoided if Whatsapp encrypted the user mobile numbers as well as by adding a robots.txt file disallowing the bots from crawling their domain and a meta no-index tag on the pages, unfortunately, they did not do that yet and your privacy may be at stake,” said Jayaram.
“With a big user base, they should care about these vulnerabilities. Today, your mobile number is linked to your bitcoin wallets, aadhar card, bank accounts, UPI, credit cards leading an attacker to perform SIM card swapping and cloning attacks by knowing your mobile number,” he added.
