Skip to main content

WhatsApp’s ‘Click to Chat’ feature exposed some phone numbers on Google search

WhatsApp is one of the most popular messaging apps in the world with over a billion users. Now, a security researcher has found a flaw with WhatsApp that has exposed some phone numbers through Google search.

Athul Jayaram, an independent security researcher from India, explains in a post on Medium (via Android Central) that WhatsApp’s “Click to Chat” feature has been exposing phone numbers to the public. The Click to Chat feature is designed for businesses, offering a quick link for users to click to start a conversation between a business and a customer. These links are generated using the wa.me shortlink.

The feature sound innocent enough, but it seems to have had an unintended consequence. The links apparently store phone number data in plain text, not encrypting the data at all. This would be fine if they were hidden, but the web pages associated with those links aren’t using the “noindex” metadata to avoid being scooped up by search engines.

What does that mean? For up to 300,000 WhatsApp users who used the “Click to Chat” feature, their phone number may be easily discoverable on Google search. This issue seems to have occurred in all regions including the United States, India, and more. The “leaked” pages contain not only phone numbers, but also profile pictures of those users as well. Finding the data was as simple as using “site:wa.me” in Search and inputting an area code afterward.

google search whatsapp click to chat data leak

It’s important to note that Google is by no means at fault here. The search engine is just doing its job, indexing the web and making that data relatively easy to find.

Realistically, this issue was low-risk for many users, but it’s still good to know that WhatsApp/Facebook have already patched things up.

More on WhatsApp:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Schoon Ben Schoon

Ben is a Senior Editor for 9to5Google.

Find him on Twitter @NexusBen. Send tips to schoon@9to5g.com or encrypted to benschoon@protonmail.com.