Home News WhatsApp Flaw Exposes 3.5 Billion Users’ Phone Number
News

WhatsApp Flaw Exposes 3.5 Billion Users’ Phone Number

178

Researchers from the University of Vienna discovered a major privacy flaw in WhatsApp: they were able to enumerate 3.5 billion registered phone numbers using a simple trick involving WhatsApp’s contact-discovery feature. By checking whether a number is on WhatsApp, the researchers collected not only phone numbers but also associated profile data — including profile photos for over half of those accounts, and “About” texts for nearly 30%.

They did this by automating requests through WhatsApp Web at extremely high speed — around 100 million numbers per hour, with no real barrier from WhatsApp. The scale of this enumeration is unprecedented.

The vulnerability had been flagged before, in 2017, but it was only in October 2025 that WhatsApp added stricter rate-limiting protections to slow down this type of mass scraping. Meta, WhatsApp’s parent company, thanked the researchers through its bug bounty programme. Meta insists that the exposed data was “public by default” and that the end-to-end encryption protecting user messages was never compromised.

The researchers also raised concerns about how phone numbers are used as unique identifiers. They argued that this model is problematic because it makes large-scale data collection easier. They suggest that WhatsApp should switch to a more privacy-respecting system — such as usernames — to avoid this risk in future

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...