WhatsApp was exposing users’ phone numbers in Google search
WhatsApp claims it fixed an issue that was showing users’ phone numbers in Google search results, TechCrunch reports. The change comes after security researcher Athul Jayaram revealed that phone numbers of WhatsApp users who used the Click to Chat feature were being indexed in search.
Click to Chat allows users to create a link with their phone number in plain text. According to Jayaram, because there is no robots.txt file in the server root, nothing stops Google or other search engine bots from crawling and indexing the links. Jayaram says as many as 300,000 phone numbers may have appeared in Google search results, and they could be found by searching “site:wa.me”.
As TechCrunch notes, Jayaram isn’t the first to report this issue. WaBetaInfo pointed it out in February. While the issue seems to be fixed, it’s a pretty big security flaw and apparently it’s been a problem for at least several months.
According to Facebook, it was already working to fix the issue and the phone numbers found by Jayaram were old results cached by the search engine. Those should be removed as the search engine continues to re-index websites and finds the noindex tag.
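The two controls mentioned above, robots.txt and the noindex tag, interact: a crawler has to be allowed to fetch a page before it can see a noindex directive on it. The Python check below is an added example, not code from WhatsApp, Facebook or the researcher; the host `example.test`, the phone number and the function name `audit_indexing` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

class _MetaRobots(HTMLParser):
    """Collects directives from <meta name="robots" content="..."> tags."""
    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() in ("robots", "googlebot"):
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}

def audit_indexing(url, robots_txt, headers, html, agent="Googlebot"):
    """Hypothetical helper: return (status, reason) for one already-fetched page."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())          # an empty file allows everything
    crawlable = rp.can_fetch(agent, url)

    meta = _MetaRobots()
    meta.feed(html)
    header_val = {k.lower(): v for k, v in headers.items()}.get("x-robots-tag", "")
    header = {d.strip().lower() for d in header_val.split(",")}
    noindex = bool({"noindex", "none"} & (meta.directives | header))

    # A path segment of 7 to 15 digits is treated as a phone number in plain text.
    if re.search(r"/\+?\d{7,15}(?:[/?#]|$)", url) is None:
        return ("ok", "no phone number in URL path")
    if noindex and crawlable:
        return ("ok", "crawler can fetch the page and sees noindex")
    if noindex:
        return ("exposed", "noindex is unreachable because robots.txt blocks the fetch")
    if not crawlable:
        # Disallow stops fetching only; a URL linked from elsewhere can still be listed.
        return ("exposed", "robots.txt blocks crawling, but a linked URL can still be indexed")
    return ("exposed", "crawlable and no noindex directive")

if __name__ == "__main__":
    URL = "https://example.test/15550100123"   # constructed sample link
    NOINDEX = '<html><head><meta name="robots" content="noindex"></head></html>'
    print(audit_indexing(URL, "", {}, "<html></html>"))
    print(audit_indexing(URL, "", {}, NOINDEX))
    print(audit_indexing(URL, "User-agent: *\nDisallow: /\n", {}, NOINDEX))
```
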
As you may remember, in 2018, Facebook stopped letting people search for users by their phone numbers. WhatsApp has also taken steps to improve chat security by letting users block group chat invites from strangers or select contacts.
Update 6/9/2020 3:25PM ET: This story was updated to note that Facebook was already working to fix this issue before it was revealed by Athul Jayaram.