It looks like WhatsApp has another bug in its system, and hackers can easily gain access to the mobile numbers of thousands of its users. It is another big blunder this week, after Google was sued for collecting data on millions of users in incognito mode.
Found by known bug-bounty hunter Athul Jayaram, the bug leaves the contact numbers of thousands of people just a click away. This is merely a blunder by the company, which now says that there's nothing to worry about. There are a lot of things your number can be used for: spamming, selling on the black market, and whatnot. There is an endless number of ways a hacker can misuse your contact number. Let's see how it happens.
Click to Chat was launched by WhatsApp to allow users to message a particular number on the web. A user can click on the QR code of a website owner to have a conversation with them without having to add the contact details to their device. It was created to save users time and spare them the hassle of adding the numbers they want to contact instantly.
The bug here is that the numbers in the Click to Chat QR codes are scanned by Google's crawler bots, which index everything on Google. This happens because the WhatsApp invite link that is created lives on a domain, with the number in the URL (https://wa.me/phone-number). The links are indexed like any other page, and hence the 'leaked' numbers in Google.
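For a site owner, one way to see which numbers your own pages expose through Click to Chat links is sketched below. This is an added example, not code from the article or from WhatsApp; the sample page and its numbers are constructed, and the `api.whatsapp.com/send?phone=` link form is an assumption beyond the `wa.me` form the article names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# wa.me/<number> is the link form named in the article;
# api.whatsapp.com/send?phone=<number> is a second form assumed here.
CHAT_HOSTS = {"wa.me", "api.whatsapp.com"}

def number_from_url(url):
    """Return the digits of the phone number embedded in a Click to Chat URL, or None."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    if host not in CHAT_HOSTS:
        return None
    if host == "wa.me":
        candidate = parts.path.strip("/")
    else:
        candidate = parse_qs(parts.query).get("phone", [""])[0].strip()
    # Accept only a plain international number: optional "+", then 7 to 15 digits.
    if re.fullmatch(r"\+?\d{7,15}", candidate):
        return candidate.lstrip("+")
    return None

class LinkAudit(HTMLParser):
    """Collect the numbers that href attributes on a page hand to any crawler."""
    def __init__(self):
        super().__init__()
        self.exposed = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            number = number_from_url(value) if name == "href" and value else None
            if number:
                self.exposed.append(number)

def audit(html):
    """Return the exposed numbers, masked to the last four digits for reporting."""
    parser = LinkAudit()
    parser.feed(html)
    return ["*" * (len(n) - 4) + n[-4:] for n in parser.exposed]

# Constructed sample page; the numbers are fictional.
SAMPLE = """<a href="https://wa.me/15550100123">Chat with sales</a>
<a href="https://api.whatsapp.com/send?phone=%2B15550100199">Support</a>
<a href="https://example.com/15550100123">Not a chat link</a>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Every number this reports is readable by anything that fetches the page, so it is the list to review before publishing a Click to Chat link.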
Technically this qualifies for a bounty, but when Jayaram contacted WhatsApp, its owner Facebook replied that this is not included in any bounty program and that users always have the option in WhatsApp to block the spam contacts or messages they are getting. Jayaram also says that all the exposed numbers are there on Google and that you cannot revoke them in any way.
Since WhatsApp only works through numbers, only the number is indexed in Google and not the other details of the users. In some cases, you can access the profile picture of the user, which can be reverse searched on Google to get proper information about any victim from the list of 300,000 numbers. You can easily check the whole list of numbers by going to Google and typing site:wa.me "+91".
According to a blog post by Threatpost, Jayaram also said that "your mobile number is linked to multiple wallets right now, an attacker can do SIM swapping just by your number." WhatsApp is not ready to change its system for now, so you're at risk. Just make sure you do not get fooled by any scam these days, and contact your bank if you get spam messages for OTPs or anything else for that matter.