It seems impossible for you to get away with it. A simple security flaw exploited by Austrian researchers allowed them to recover around 3.5 billion phone numbers on WhatsApp, specialist site Wired reported this Tuesday. Profile photos and text can also be recovered in most cases, according to the same source.
The method used by these researchers was simple: all phone numbers were tested in WhatsApp’s contact search function, allowing them to identify which numbers had accounts on the Meta group instant messaging service. According to research presented by Wired, the American group, which also owns Facebook and Instagram, does not set a limit on the number of possible requests to search for contacts via the WhatsApp web page.
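The missing control described above can be sketched as a server-side budget on how many distinct phone numbers one client may look up per time window. This is an added example, not code from WhatsApp or from the researchers; the class name, the thresholds and the sample numbers are assumptions constructed for illustration.

```python
import time
from collections import defaultdict


class ContactLookupLimiter:
    """Caps the number of *distinct* phone numbers a client may probe per window.

    Re-checking numbers already looked up (a normal address-book re-sync) costs
    nothing; only previously unseen numbers consume budget. Hypothetical design.
    """

    def __init__(self, max_new_numbers=500, window_seconds=86400):
        self.max_new = max_new_numbers
        self.window = window_seconds
        self._seen = defaultdict(dict)  # client_id -> {number: first_lookup_time}

    def check(self, client_id, numbers, now=None):
        """Return True if the batch may be resolved, False if it must be refused."""
        now = time.time() if now is None else now
        seen = self._seen[client_id]
        # Forget lookups that have aged out of the window.
        for number in [n for n, ts in seen.items() if now - ts >= self.window]:
            del seen[number]
        new = [n for n in dict.fromkeys(numbers) if n not in seen]
        if len(seen) + len(new) > self.max_new:
            return False  # refuse the whole batch, resolve nothing
        for number in new:
            seen[number] = now
        return True


def simulate():
    """Compare a re-syncing phone with a client walking a number range."""
    limiter = ContactLookupLimiter(max_new_numbers=500, window_seconds=86400)

    # Constructed sample: one phone re-syncs the same 200 contacts every hour.
    address_book = [f"+4366012{i:05d}" for i in range(200)]
    legit_ok = sum(limiter.check("phone-A", address_book, now=h * 3600)
                   for h in range(24))

    # Constructed sample: one client submits 1000 batches of 100 sequential numbers.
    resolved = 0
    for b in range(1000):
        batch = [f"+43670{b * 100 + i:07d}" for i in range(100)]
        if limiter.check("client-B", batch, now=b):
            resolved += len(batch)
    return legit_ok, resolved
```

With this budget the re-syncing phone is never refused, while the range-walking client is cut off after 500 numbers instead of resolving all 100,000 it submitted.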
Numbers, SMS, profile photos…
According to the researchers, this data leak would have been considered the “largest data leak in history” if it had not occurred as part of a “responsibly conducted” study. “The dataset contains phone numbers, timestamps, SMS information, profile photos and public keys for encryption. Its disclosure would have dangerous consequences for the users concerned,” the researchers wrote in their study, which can be accessed on GitHub.
The researchers indicated that they notified Meta of this security breach, stating that the recovered data would be used for scientific purposes and “will never be made public.” When contacted, Meta France did not immediately respond to our request. But the American company, quoted by Wired, thanked the researchers while describing the data obtained as “basic public information”.
“We have worked on a state-of-the-art anti-scraping system (to prevent this type of data recovery, Editor’s Note) and this research is important to test its robustness and ensure its effectiveness,” Nitin Gupta, vice president of engineering at WhatsApp, told Wired. “We found no evidence of exploitation of this flaw by malicious actors,” the same source continued.
