WhatsApp: Google indexes numerous click-to-chat numbers

A number of WhatsApp phone numbers have appeared publicly in Google Search results. Will this become a privacy problem for users?

Click to Chat lets people or companies share their phone number as a URL or QR code that anyone can click or scan to start a chat with them. Hundreds of thousands of numbers shared in this way have now been found in Google search. Security researcher and bug bounty hunter Athul Jayaram discovered the numbers and sees their public accessibility as a problem for user privacy. WhatsApp's parent company Facebook emphasizes, however, that there have been no data protection violations here.

300,000 WhatsApp phone numbers found on Google

At Threatpost, Lindsey O'Donnell reports on Jayaram's discovery, which at first glance seems alarming, because numerous phone numbers that WhatsApp users have provided for Click to Chat are now publicly available. On the one hand, WhatsApp explains that indexing only made public what Google had decided to publish anyway. On the other hand, the Click to Chat function is mainly used by business customers, whose numbers are usually public anyway.

Our Click to Chat feature, which lets users create a URL with their phone number so that anyone can easily message them, is used widely by small and microbusinesses around the world to connect with their customers,

a spokesman told Threatpost. With Click to Chat, which works via mobile and WhatsApp Web, the numbers are integrated into a pre-made URL string. WhatsApp explains the process:

The pre-made message is automatically displayed in the text field of a chat. Use https://wa.me/whatsapptelefonnummer/?text=urlcodiertertext. Replace whatsapptelefonnummer with the full telephone number in international format and urlcodiertertext with your pre-made message in URL encoding.

Athul Jayaram points out to Threatpost that the numbers appear in plain text in these URLs and can be read publicly by third parties. Users who have opted for the feature should take this into account.
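For site owners who want to check what their own pages expose, the following added example (not from the article or from WhatsApp) parses wa.me links in the format quoted above out of an HTML page and lists the numbers a crawler would read. The sample HTML and its phone numbers are constructed, and the function names are this example's own.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample page; the numbers are made up for this example.
SAMPLE_HTML = """
<a href="https://wa.me/15551230001/?text=I%27d%20like%20a%20quote">Sales chat</a>
<a href="https://wa.me/+44 7700 900123">Support</a>
<a href="https://example.com/contact">Contact form</a>
<a href="https://wa.me/">Broken link</a>
"""

def parse_click_to_chat(url):
    """Return {'number', 'text'} for a wa.me URL, or None if it is not one."""
    parts = urlsplit(url.strip())
    if (parts.hostname or "").lower() != "wa.me":
        return None
    # The number is the first path segment; drop '+', spaces and dashes.
    digits = re.sub(r"\D", "", parts.path.strip("/").split("/")[0])
    if not digits:
        return None
    text = parse_qs(parts.query).get("text", [""])[0]  # parse_qs URL-decodes
    return {"number": digits, "text": text}

class ClickToChatAudit(HTMLParser):
    """Collects the wa.me links on a page and the number each one exposes."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        found = parse_click_to_chat(dict(attrs).get("href") or "")
        if tag == "a" and found:
            self.findings.append(found)

def audit(html):
    parser = ClickToChatAudit()
    parser.feed(html)
    return parser.findings

def mask(number):
    """Keep only the last four digits so the report does not repeat the leak."""
    return "*" * max(len(number) - 4, 0) + number[-4:]

if __name__ == "__main__":
    for f in audit(SAMPLE_HTML):
        print(mask(f["number"]), repr(f["text"]))
```

Any number this reports on a publicly reachable page should be treated as public, since the link carries it unencoded.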

Indexed numbers as an opportunity for spammers?

Search engine crawlers such as Googlebot can index numbers that are given in plain text, as in this example. As Jayaram stressed to Threatpost:

As individual phone numbers are leaked, an attacker can message them, call them, sell their phone numbers to marketers, spammers, scammers.

However, WhatsApp identifies its users by their phone numbers. Therefore, only numbers that could not be associated with individual users were visible on Google. Nevertheless, the profiles of the WhatsApp users could be viewed via the indexed URLs; that, however, is the basic purpose of the click-to-chat function, even if some users might not want to present their number to everyone searching on Google.

While there is no data protection leak on WhatsApp's side in this case, Athul Jayaram warns of the possibility of identity theft. Jayaram received no bounty for the supposed flaw, which he discovered at the end of May. A WhatsApp spokesman emphasizes:

While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button.

Google, on whose search engine the numerous numbers have been indexed, does not see itself as responsible for the publication or any associated problems, because the search engine indexes public URLs and is unable to remove them. In a similar case, Google SearchLiaison chief Danny Sullivan said on Twitter:

However, WhatsApp users and webmasters who set up URLs for telephone numbers have the option of using robots.txt to persuade crawlers not to index these pages. Nevertheless, users should always be aware that URLs they create rarely go undetected on the web unless specific measures are taken to prevent it.
