WhatsApp users’ phone numbers and chats exposed on Google

Security researcher discovers WhatsApp Web users’ phone number and messages could again be found by strangers via search engines like Google. — OLIVER GRAUMNITZ/Pixabay

WhatsApp’s privacy woes have resurfaced, after users’ phone numbers and messages were discovered being indexed by search engines.

Cybersecurity researcher Rajshekhar Rajaharia tweeted that WhatsApp Web users’ data was being indexed on Google again, pointing out that this was the third time the issue had occurred.

When information is indexed, it can be found in a search engine and made public. As such, companies generally take measures to prevent private data from being indexed.

He had pointed out a similar issue earlier on Jan 11, where users’ profiles and invitations to join group chats were exposed on Google, which enabled strangers to potentially find users’ phone numbers or even join chats.

WhatsApp responded by removing the group invites and profile links from Google’s search.

It also issued a statement to tech website Gadgets360, saying that it had included the “noindex” tag on all deep link pages (a type of link that sends users directly to an app), which should exclude them from being indexed.

“We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time,” added the spokesperson.

In regards to the latest leak, Rajshekhar noted that WhatsApp was using a “Robots.txt” file and a “disallow all” setting, to instruct Google not to index anything.

Though a Robots.txt, or robots exclusion protocol, is generally used to instruct web crawlers (which index pages) to stay away, Google was still indexing WhatsApp user data.

Rajshekhar explained why this was still occurring: Google requires page owners not to use Robots.txt when using the “noindex” tag, as stated in its search indexing help page.

This is because the features clash, with Google unable to detect the “noindex” tag if it was being stopped by Robot.txt.

As of publication time, WhatsApp has not responded to Rajshekhar on how it would resolve the latest problem.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3

Did you find this article insightful?


88% readers found this article insightful

Next In Tech News

Towards record PC sales in 2021
Facebook removes Thai military-linked information influencing accounts
Explainer: How brands will target ads to you after the death of browser cookies
Parler sues Amazon again, after dropping original lawsuit
Google won't use other web tracking tools after phasing out cookies
European telcos cash in on tower assets as high-cost 5G investment looms
Emerging Europe.com bolsters defences as Amazon enters Poland
Labour rights issue at forefront of Spain’s gig economy with potential regulation
Musk floats ‘Starbase’ name change for Texas launch town
Number of Germany's electric vehicle charge points rise 10% since December

Stories You'll Enjoy