.png){kind=logo}
Researchers from the University of Vienna discovered a serious WhatsApp security flaw. The team showed that an automated lookup method could confirm active WhatsApp numbers at massive scale. The test suggested about 3.5 billion phone numbers were vulnerable.
The researchers ran rapid number combinations to check which numbers matched WhatsApp accounts. The system captured roughly 30 million US numbers in thirty minutes. The team deleted the collected data after the test.
The flaw relied on WhatsApp’s contact discovery and weak rate limits. Attackers could have automated lookups to map phone numbers to accounts. The method did not require access to WhatsApp’s internal database.
Phone numbers serve as core identity points on the platform. Wide availability of numbers raises risks of spam, phishing, robocalls and impersonation. Exposed profile photos and status texts can deepen identity threats. Security experts warn that compiled datasets would be a rich target for scammers.
Meta confirmed that researchers responsibly disclosed the issue. The company said the findings helped validate improvements to anti-scraping systems. Meta stated no evidence exists of criminal abuse so far. The firm also said message encryption remained intact.
Researchers claim the weakness dates back to 2017. Critics note that rate-limiting is a basic defence that should have been stronger. The delayed public acknowledgement has stoked debate about transparency from large tech firms.
For users in nations with heavy WhatsApp use, the impact goes beyond chat. Phone numbers link to payments, small business contacts and daily services. Any leak of numbers can therefore harm financial and social activities. Experts urge tighter privacy settings and caution around unknown calls.
The incident highlights how a single platform flaw can create a global privacy risk. The discovery shows that widely used conveniences can enable large-scale data scraping. The security community calls for clearer disclosure practices and faster fixes. Independent audits and stronger rate limits can reduce such risks in future.
Also Read – WhatsApp is Testing Multi-Account Feature for iPhone Users; What We Know So Far
