Atul Jayaram, a cybersecurity specialist from India, has warned WhatsApp users that their personal data is at risk of leakage. He wrote about this on a blog on the Medium website. According to him, the Click to Chat function was to blame for the insecurity of these messenger users. Its essence lies in the fact that a QR code is assigned to the phone number. To start a conversation on WhatsApp with the owner of this number, you do not need to enter the phone, just scan the code.
Jayaram noted that Google indexes Click to Chat metadata, so users’ phone numbers end up online. The expert himself discovered on the network about 300 thousand valid phone numbers.
Other data (for example, first and last names) of users do not leak into the network, however, attackers can easily find them if desired. For example, by searching the URL with a phone number on Google, you can find other information about the owner of the number. In addition, scammers can use this data to create databases that spammers can use.
In early June, it was reported that WhatsApp had a new fraud scheme, using which attackers could gain access to the accounts of their victims. Theft of profiles became possible due to binding to the phone number and the SMS verification messenger used by the messenger.