CATEGORIES
home News

WhatsApp Is Leaking User Phone Numbers In Google Searches And Customizable Verification Codes

by Nathan OrdMonday, January 18, 2021, 12:35 PM EDT
whatsapp facebook apps
The crazy train that is WhatsApp right now does not look like it will be stopping any time soon. After the privacy policy fiasco, which is still developing, other issues have popped up simultaneously. It appears that Google is indexing a WhatsApp subdomain that can share users’ phone numbers. Furthermore, there are also other issues with WhatsApp that scammers can use to social engineer people, as we are just now learning. This is an absolute nightmare for privacy and security again, and should concern every WhatsApp user at present.

Last year, WhatsApp had chat invite links indexed on Google, meaning they were searchable by anyone who knew what to look for. The search techniques could be adapted to then extrapolate more phone numbers from the WhatsApp platform. Now, this is happening again but on a different WhatsApp subdomain, web.whatsapp.com. With a simple Google search using patterns, search terms, and tricks, anyone can find a phone number from web.whatsapp.com. This was found by security researcher Rajshekhar Rajaharia who tweeted out his findings shown below.
When we reached out for comment, we also learned more about his findings. It seems that WhatsApp has a text file in place which should stop Google from indexing its websites, but that does not appear to be working. Clearly, however, WhatsApp is not monitoring its subdomains either, which is another issue in and of itself.
Furthermore, while publicly available phone numbers are bad, it gets worse. Rajaharia reported on a website from WhatsApp that spews verification codes that are customizable by whoever visits the website. When you pair the leaked phone number with a fake verification code, scammers can act like WhatsApp employees by texting a link to users and then reading the verification code to the customers as if they see it in the backend. Evidently, this is an issue in India, but it could spread to more technically illiterate users globally.
whatsapp verification rendered
You can try this out for yourself here: https://v.whatsapp.com/123456?s=1

whatsapp business verification rendered
Business customers can also be affected: https://b.whatsapp.com/123456?s=1

Overall, users need to be worried about their safety and privacy on the WhatsApp platform. WhatsApp should have learned the first time this happened in 2020 and improved, but that is not the case. Perhaps that is why so many people are flocking to rival Signal at the moment...
Tags:  Google, security, Privacy, cybersecurity, WhatsApp, (nasdaq:goog)
TOP STORIES
Which New GPU Is For You?
More Results
KEEP INFORMED

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2025 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment