WhatsApp flaw exposed data of 3.5 bn users worldwide

New Delhi: A major vulnerability in WhatsApp left the personal details of nearly 3.5 billion users exposed, a research report from the University of Vienna has claimed. The team of researchers uncovered a weakness in the platform’s contact discovery feature that allowed them to systematically check every possible phone number and identify active WhatsApp accounts on a massive scale.

Meta, the owner of the messaging service, was made aware of the problem and has taken steps to resolve the issue.

They generated over 100 million queries per hour using an automated method and ultimately gathered information on users from 245 countries.

Although the information retrieved was limited to data already visible to anyone having a phone number -- such as public keys, profile photos, “about” text, and timestamps -- the researchers said these fragments were enough to infer additional insights, including a user’s operating system, how long they had been on the platform, and the number of linked devices.

But what makes the discovery even more troubling is that a similar warning had been issued eight years ago. In 2017, a security researcher had flagged the absence of limits on the number of phone number checks a user could perform-a gap that made large-scale scraping possible. Despite this early warning, the vulnerability remained unpatched until the University of Vienna team showed just how easily it could be exploited.

They extracted 30 million US phone numbers in the first half hour of testing and continued collecting data without resistance from the WhatsApp servers.