A WhatsApp feature may be exposing users' phone numbers on Google search

A new security vulnerability may have been uncovered in Facebook-owned messaging platform WhatsApp. The platform’s “Click to Chat” feature might be exposing users’ phone numbers on Google search. According to cybersecurity researcher Athul Jayaram, the mobile numbers of users are available on Google search in the plain text format.

The researcher claims that it could be a major privacy issue and suggests nearly three lakh phone numbers of WhatsApp users may have been exposed in plaintext. The Click to Chat feature on WhatsApp is used by several websites to start a chat session on the platform with those visiting the site. This feature allows users to engage in conversations on the messaging app directly without storing a contact on your phone.

Jayaram claims that utilising this feature can land a user’s phone number in public search results, exposing him/her to all manner of scams and cyberattacks. In a blog post, he wrote; “This privacy issue could have been avoided if Whatsapp encrypted the user mobile numbers as well as by adding a robots.txt file disallowing the bots from crawling their domain and a meta noindex tag on the pages, unfortunately, they did not do that yet, and your privacy may be at stake.”

It is worth noting that the feature only makes the phone numbers of those users searchable on Google who have chosen to make them public by generating their links. However, Gadget 360 confirmed that the issue was first reported by WaBetaInfo in February this year.

A spokesperson for WhatsApp told Threatpost, “While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button.”