To say WhatsApp is in privacy hot water would be accurate, if not an understatement. And when it rains, it pours, as the company seems to have another privacy issue on its hands. An issue for the company last year has cropped up again, allowing phone numbers to be searched for via Google.
In June, you could run a Google search for phone numbers via WhatsApp’s wa.me domain. Now the same thing can be done via the web.whatsapp.com domain instead. The discovery was made by security researcher Rajshekhar Rajaharia, who shared it on Twitter.
The researcher also pointed out that WhatsApp has a text file called “Robots.txt” that is supposed to stop Google from indexing its websites. But the fact that phone numbers can be searched this way indicates that they are not working properly.
15 Jan 2021, If you are using @WhatsApp Web, your Mobile Number and Messages are being index by @Google again. Don't know why WhatsApp is still not monitoring their website and google. This is 3rd time.#Infosec #Privacy #infosecurity #GDPR #Whatsapp #Privacy #Policy #Google pic.twitter.com/D6o1emxDgv
— Rajshekhar Rajaharia (@rajaharia) January 15, 2021
Beyond that, HotHardware reports that WhatsApp has another website that apparently generates verification codes. At first glance, it looks quite worrying, as it is as if it allows you to generate specific verification codes of your own. And it certainly gets worse when paired with searchable phone numbers.
Even if the verification code “generator” doesn’t actually do much, it can certainly still be used to scam the less technically literate. Which could be used as another reason to migrate from the now Facebook-owned messaging platform.
(Source: Rajshekhar Rajaharia / Twitter, HotHardware)
