WhatsApp users’ phone numbers and chats exposed on Google

Security researcher discovers WhatsApp Web users’ phone number and messages could again be found by strangers via search engines like Google. — OLIVER GRAUMNITZ/Pixabay

WhatsApp’s privacy woes have resurfaced, after users’ phone numbers and messages were discovered being indexed by search engines.

Cybersecurity researcher Rajshekhar Rajaharia tweeted that WhatsApp Web users’ data was being indexed on Google again, pointing out that this was the third time the issue had occurred.

When information is indexed, it can be found in a search engine and made public. As such, companies generally take measures to prevent private data from being indexed.

He had pointed out a similar issue earlier on Jan 11, where users’ profiles and invitations to join group chats were exposed on Google, which enabled strangers to potentially find users’ phone numbers or even join chats.

WhatsApp responded by removing the group invites and profile links from Google’s search.

It also issued a statement to tech website Gadgets360, saying that it had included the “noindex” tag on all deep link pages (a type of link that sends users directly to an app), which should exclude them from being indexed.

“We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time,” added the spokesperson.

In regards to the latest leak, Rajshekhar noted that WhatsApp was using a “Robots.txt” file and a “disallow all” setting, to instruct Google not to index anything.

Though a Robots.txt, or robots exclusion protocol, is generally used to instruct web crawlers (which index pages) to stay away, Google was still indexing WhatsApp user data.

Rajshekhar explained why this was still occurring: Google requires page owners not to use Robots.txt when using the “noindex” tag, as stated in its search indexing help page.

This is because the features clash, with Google unable to detect the “noindex” tag if it was being stopped by Robot.txt.

As of publication time, WhatsApp has not responded to Rajshekhar on how it would resolve the latest problem.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

Amazon.com launches Kindle that users can write on
India's massive card security deadline unlikely to be extended
Exclusive-Brands blast Twitter for ads next to child pornography accounts
Lilium aims to build 400 air taxis a year, seek grants
EU proposes rules making it easier to sue drone makers, AI systems
Apple falls on fears of slowing iPhone 14 demand
Russia demands Apple explain VK removal from App Store
Taiwan says chip companies in talks about Europe investment
Elon Musk and Twitter dig for evidence as trial looms
Elon Musk seeks to end SEC 'muzzle' requiring pre-approval of tweets

Others Also Read