
"For about 57% of those users, they also found that they could access their profile photos, and for another 29%, the text on their profiles. Despite a previous warning about WhatsApp's exposure of this data from a different researcher in 2017, they say, the service's parent company, Meta, still failed to limit the speed or number of contact discovery requests the researchers could make by interacting with WhatsApp's browser-based app, allowing them to check roughly a hundred million numbers an hour."
Austrian security researchers used WhatsApp's browser-based contact discovery to submit massive lists of phone numbers. For about 57% of tested users they could access profile photos, and for another 29% they could read profile text. A 2017 warning about exposure of this data had not led to rate limits. Meta did not limit the speed or number of contact discovery requests, allowing roughly 100 million number checks per hour. The method leveraged the browser-based app's interface to enumerate numbers at scale, exposing large volumes of user profile data to automated probing without effective server-side throttling.
Read at Social Media Today