Security researchers have discovered a serious vulnerability in WhatsApp that exposes the phone numbers of more than 3 billion users worldwide.
The privacy flaw could be exploited by cybercriminals to gather profile information and guess the identity of users of the world’s most popular messaging app, which could be used to carry out highly targeted attacks.
The privacy weakness, exposed by a team from the University of Vienna and SBA Research, lies in WhatsApp’s contact search mechanism, which asks users for permission to match mobile numbers in their address book to the app’s central database.
This allows WhatsApp to show which contacts are using the messaging app, although the enumeration mechanism can also be used by malicious actors to scrape phone numbers, profile photos and the ‘About’ status of users.
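One way a service could spot the enumeration pattern described above in its own contact-lookup logs, as an added example that is not from the article or the researchers' paper. The log format, client names, thresholds and sample numbers are all constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds; a real service would tune these against its own traffic.
WINDOW_SECONDS = 3600       # look-back window per client
MAX_DISTINCT = 500          # ceiling for distinct numbers from one address-book sync
MIN_SAMPLE = 20             # do not judge adjacency on tiny samples
MAX_ADJACENT_RATIO = 0.5    # share of looked-up numbers that sit next to another one

def flag_enumeration(events, window=WINDOW_SECONDS, max_distinct=MAX_DISTINCT,
                     min_sample=MIN_SAMPLE, max_adjacent=MAX_ADJACENT_RATIO):
    """events: (timestamp, client_id, phone_number as int), sorted by timestamp.
    Returns {client_id: reason} for clients whose lookups look like enumeration."""
    recent = defaultdict(deque)            # client -> lookups inside the window
    flagged = {}
    for ts, client, number in events:
        q = recent[client]
        q.append((ts, number))
        while q[0][0] <= ts - window:      # drop lookups older than the window
            q.popleft()
        numbers = {n for _, n in q}
        if len(numbers) > max_distinct:
            # Far more distinct numbers than a personal address book holds.
            flagged.setdefault(client, "volume")
        elif len(numbers) >= min_sample:
            # Address books are scattered across the number space; a walk over
            # a number range produces long runs of neighbouring values.
            adjacent = sum(1 for n in numbers
                           if n + 1 in numbers or n - 1 in numbers)
            if adjacent / len(numbers) > max_adjacent:
                flagged.setdefault(client, "sequential")
    return flagged

def sample_events():
    """Constructed lookup log: one ordinary sync and two suspicious clients."""
    ev = [(i, "phone-A", 100_000_000 + i * 7919) for i in range(40)]
    ev += [(i * 10, "client-B", 200_000_000 + i) for i in range(30)]
    ev += [(i, "client-C", 300_000_000 + i * 104729) for i in range(600)]
    return sorted(ev)

if __name__ == "__main__":
    print(flag_enumeration(sample_events()))
```
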
“These findings remind us that even mature, widely trusted systems can have design or implementation flaws that can have real-world consequences,” said researcher Gabriel Gegenhuber of the University of Vienna.
“They show that security and privacy are not one-time achievements, but must be constantly reevaluated as technology evolves.”
The team’s findings were published in a preprint paper titled ‘Hey There! You’re using WhatsApp: Calculating three billion accounts for security and privacy.’
Security experts described the discovery as a “wake up call” for platforms that are still using phone numbers as user identification, which they warned are too public, too permanent, and too easily scraped to be used for this purpose.
“This issue highlights a fundamental problem with WhatsApp’s architecture: the phone number itself is its weakness,” Marijus Briedis, chief technology officer at VPN and security firm NordVPN, told The Independent.
“WhatsApp uses numbers as its main identification system, [so] the attackers were able to automatically test billions of them and pull back profile details at extraordinary speed.”
Mr Briedis said that with someone’s phone number, profile photo and status, cyber criminals would be able to carry out highly targeted impersonation attacks.
“On a larger scale, it becomes a goldmine for scammers, criminals and well-resourced cyber groups,” he said.
Meta, WhatsApp’s parent company, has since addressed and mitigated the issue, although it is unclear whether hackers took advantage of the flaw before it was fixed. The Independent has contacted Meta for more information.
A former security chief of WhatsApp recently accused Meta of violating cybersecurity rules, putting billions of people at risk.
Attaullah Baig, who served as WhatsApp’s security chief from 2021 to 2025, filed a lawsuit in September in the US District Court for the Northern District of California alleging that WhatsApp has failed to address the hacking and takeover of more than 100,000 accounts every day.