US EditionWhatsApp Security Vulnerability Discovered by Researchers
A WhatsApp flaw exposed 3.5 billion numbers and profile data, with 57% linked to profile photos, due to Meta’s delayed fix after an eight-year warning.
- Austrian researchers from the University of Vienna used a simple exploit to extract 3.5 billion WhatsApp phone numbers, exposing nearly every user on the platform.
- WhatsApp's contact-discovery feature allowed unlimited phone-number checks, enabling automated enumeration at roughly a hundred million numbers an hour, and the 2017 security researcher first reported this flaw, yet Meta left it unaddressed for more than eight years.
- Using automated checks, the research team captured the first 30 million US phone numbers in half an hour and accessed profile photos for about 57 percent and profile text for about 29 percent of examined accounts.
- The researchers deleted their copy and alerted Meta through responsible disclosure channels; Meta thanked them, said exposed data was basic publicly available information, and noted messages remained end-to-end encrypted.
- Experts note the potential scale of abuse as the researchers say the same exploit used by bad actors would have produced the largest data leak and marks the most extensive exposure of phone numbers.
17 Articles
17 Articles
While investing in the safety and protection of users, whatsApp does not solve problems. Security researchers have discovered a serious vulnerability that has allowed about 3.5 billion...
WhatsApp security vulnerability discovered by researchers
IT-Security Researchers from the University of Vienna and SBA Research identified and responsibly disclosed a large-scale privacy weakness in WhatsApp's contact discovery mechanism that allowed the enumeration of 3.5 billion accounts. In collaboration with the researchers, Meta has since addressed and mitigated the issue.
WhatsApp (Meta) is the most popular messenger service in the world - but not the safest, as a team of six from Vienna now shows. Due to the security gap, they managed to view 3.5 billion user accounts, sometimes even with a profile photo.
A Global Account Mapping Event Reveals What WhatsApp Metadata Can Expose
Researchers at the University of Vienna uncovered a weakness in WhatsApp’s contact discovery process that let them confirm more than 3.5 billion active accounts across 245 countries. The team relied on the same basic mechanism that helps users find contacts through phone numbers. WhatsApp checks each number against its registry. The researchers found that the system allowed an unusually high volume of lookups from a single source, which opened t…
Coverage Details
Bias Distribution
- 50% of the sources lean Right
Factuality
To view factuality data please Upgrade to Premium
