WhatsApp: Did a flaw in WhatsApp cause a data leak? Find out the truth about the public disclosure of user numbers and profile photos.
A major security flaw has been discovered in WhatsApp, exposing the phone numbers and profile photos of approximately 3.5 billion people worldwide. Meta reports that the flaw has now been fixed, and no evidence of misuse has been found. Nevertheless, this issue is considered a significant threat to public privacy.
How did this flaw occur?
According to researchers, a vulnerability existed for a long time in WhatsApp's contact-discovery system. This system lacked a rate limit, meaning anyone could repeatedly check phone numbers to see if they were on WhatsApp. Using this vulnerability, researchers from the University of Vienna used a simple technique to scrape billions of phone numbers worldwide. They were able to check millions of numbers every hour without any restrictions. This technique also allowed them to obtain the profile photos and status texts of many accounts. The researchers say that if this method had fallen into the wrong hands, it could have become the "largest data leak in history."
How long has this vulnerability existed?
According to the researchers, this vulnerability has existed since at least 2017. Meta had previously been informed of concerns about data scraping. WhatsApp's contact-discovery feature is designed to sync users' address books, but it inadvertently became a source for large-scale data extraction.
What did Meta say about the incident?
Meta acknowledged this was a design flaw, but has now fixed it by imposing a rate limit. The company says they found no evidence of misuse, that messages remained secure because they were end-to-end encrypted, and that only data considered public, such as phone numbers and profile photos, was visible. WhatsApp's Vice President of Engineering, Nitin Gupta, said the study helped test their new security systems.
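To illustrate the kind of fix described above, here is an added sketch (not code from Meta, WhatsApp or the researchers) of a per-client rate limit for a contact-discovery service. It charges one token per phone number checked rather than per request, so splitting a scan into many batches does not help. The class name, capacity and refill rate are assumptions chosen for the example.

```python
import time


class LookupLimiter:
    """Per-client token bucket; one token is spent per phone number checked."""

    def __init__(self, capacity=1000, refill_per_sec=0.25, clock=time.monotonic):
        self.capacity = capacity              # assumed burst: one address-book sync
        self.refill_per_sec = refill_per_sec  # assumed steady rate: 900 numbers/hour
        self.clock = clock
        self.buckets = {}                     # client_id -> (tokens, last_seen)

    def allow(self, client_id, numbers):
        """Return the subset of `numbers` this client may look up right now."""
        now = self.clock()
        tokens, last = self.buckets.get(client_id, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill_per_sec)
        unique = list(dict.fromkeys(numbers))  # duplicates are not charged twice
        granted = unique[: int(tokens)]
        self.buckets[client_id] = (tokens - len(granted), now)
        return granted


def simulate():
    """Constructed scenario: a normal sync versus a client walking a range."""
    fake_now = [0.0]
    limiter = LookupLimiter(clock=lambda: fake_now[0])

    # A normal user syncs a 300-entry address book once (constructed numbers).
    book = [f"+4366000{n:05d}" for n in range(300)]
    synced = len(limiter.allow("user-a", book))

    # Another client submits 100 batches of 500 sequential numbers in one hour.
    answered = 0
    for batch in range(100):
        fake_now[0] = batch * 36.0
        start = batch * 500
        block = [f"+4366100{n:05d}" for n in range(start, start + 500)]
        answered += len(limiter.allow("client-b", block))
    return synced, answered


if __name__ == "__main__":
    synced, answered = simulate()
    print(f"address-book sync answered: {synced} of 300")
    print(f"range walk answered: {answered} of 50000")
```

The address-book sync is answered in full, while the client walking a range gets only its initial burst plus the slow refill.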
What was the biggest threat?
The researchers' technique worked even in countries where WhatsApp is banned, such as China, Iran, Myanmar, and North Korea. This could have seriously threatened the security of users in those countries.
What did the researchers do?
They reported the flaw to Meta. After completing the study, they deleted all the data they had created. It took Meta approximately six months to fix the problem.
Disclaimer: This content has been sourced and edited from Amar Ujala. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.

