Telephone numbers registered on WhatsApp are exposed on the internet. According to the author of the discovery, “the numbers can be easily found on Google”, which exposes their owners to scams and unwanted campaigns.
A feature known as “Click to Chat” is exposing the phone numbers of WhatsApp users on the internet. The tool allows people to create links that start a private conversation. The feature has become especially useful for business accounts and delivery services, since a simple link can be attached to any page or turned into a QR code to speed up customer contact.
Athul Jayaram, author and bug bounty hunter, claims that this tool poses a great risk to users of the messenger. He warns that the “Click to Chat” URL exposes WhatsApp users to scams, unwanted campaigns and spam.
This is because the quick-chat link contains the user’s number: it consists of a standard link followed by the phone number (https://wa.me/). Jayaram criticizes this transparency and says that special search tools can find all the links created so far, which, moreover, cannot be revoked.
“Everything normal” for Facebook
Facebook responded through WhatsApp and denied that it was a security breach. The company says that the tool is designed to streamline communication between users of the messenger and that the user’s privacy choices are preserved when the link is accessed.
That is, if a user decides to display their profile picture only to contacts, that choice will prevail when someone unknown accesses the link. Therefore, it does not represent a major risk to the community, as they can easily protect themselves against inconvenience.
Athul Jayaram’s bug bounty reward was denied by the social network. At first, the company claimed that WhatsApp is not part of Facebook’s rewards program. Soon after, a spokesman justified disqualifying the discovery by stating that the numbers are made public at the request of users and that they “can prevent receiving unwanted messages with a simple click”.