"Repeat that same trick a few billion times with every possible phone number, it turns out, and the same feature can also serve as a convenient way to obtain the cell number of virtually every WhatsApp user on earth-along with, in many cases, profile photos and text that identifies each of those users. One group of Austrian researchers have now shown that they were able to use that simple method of checking every possible number in WhatsApp's contact discovery to extract 3.5 billion users' phone numbers from the messaging service."
"For about 57 percent of those users, they also found that they could access their profile photos, and for another 29 percent, the text on their profiles. Despite a previous warning about WhatsApp's exposure of this data from a different researcher in 2017, they say, the service's parent company, Meta, still failed to limit the speed or number of contact discovery requests the researchers could make by interacting with WhatsApp's browser-based app, allowing them to check roughly a hundred million numbers an hour."
Austrian researchers bulk-queried WhatsApp's contact discovery by checking tens of billions of phone numbers and extracted 3.5 billion user phone numbers. For roughly 57 percent of those numbers, profile photos were accessible, and for another 29 percent, profile text was retrievable. The queries were performed via WhatsApp's browser-based app at a rate of about one hundred million numbers per hour because Meta did not implement effective speed or request limits. The exposure represents a sprawling leakage of personal information affecting a significant portion of the global population and echoes an unresolved 2017 warning.
Read at WIRED
Unable to calculate read time
Collection
[
|
...
]