3.5 B Phone Numbers Breached by WhatsApp Security Loophole


“A security loophole in WhatsApp led to the breach of around 3.5 billion Phone Numbers.”

Even though parent firm Meta had been informed of the vulnerability back in 2017, a significant WhatsApp security bug revealed the phone numbers of nearly every user worldwide.

3.5 billion phone numbers were extracted from the messaging service by security experts using what they called a “simple” attack.


Researchers

“The largest data leak in history” would have occurred if malicious actors had employed the same exploit.

The most egregious part of the privacy failure is that Meta was notified of the issue more than eight years ago by another security researcher, and throughout that period, the firm neglected to put in place the really basic security measures required to address it.

One factor contributing to WhatsApp’s widespread use is how simple it is to make new contacts on the messaging app: When you add someone’s phone number, WhatsApp immediately displays whether or not they are using the service, along with their name and profile picture.

It turns out that if you repeat that same trick a few billion times with every possible phone number, the same feature can also be used to easily obtain the cell number of almost every WhatsApp user on the planet, along with, in many cases, the text and profile photos that uniquely identify each user.


In 2017, a security researcher discovered that the corporation had no cap on the number of phone number checks a single user could perform, which is what makes this type of attack possible. Amazingly, eight years later, a team of Austrian researchers from the University of Vienna managed to get the phone numbers of nearly all WhatsApp users by taking advantage of the exact same vulnerability.

After capturing the first 30 million US phone numbers in only thirty minutes, they just continued.

Naturally, the researchers acted correctly by notifying Meta and erasing the phone number database. It took the corporation an additional six months to put in place a rate-limiting tool to stop this kind of widespread exploitation of the feature.

WhatsApp asserts that it was already addressing this issue and that it has not discovered any proof of malevolent parties taking advantage of the vulnerability.
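The missing control described above is a cap on how many phone numbers one client can check. The following Python sketch is an added example, not WhatsApp's or Meta's code: it budgets distinct numbers per client per time window, so re-syncing a real address book stays free while a sweep over a number range is cut off. The class name, client identifiers, thresholds and phone numbers are all constructed for illustration.

```python
import time
from collections import defaultdict, deque


class LookupLimiter:
    """Caps how many *distinct* phone numbers one client may check per window."""

    def __init__(self, max_new_numbers=200, window_seconds=86400):
        self.max_new = max_new_numbers      # assumed budget, tune per service
        self.window = window_seconds
        self._seen = defaultdict(dict)      # client -> {number: first-check time}
        self._order = defaultdict(deque)    # client -> (time, number), oldest first

    def _expire(self, client, now):
        # Drop numbers whose first check has aged out of the window.
        order, seen = self._order[client], self._seen[client]
        while order and now - order[0][0] >= self.window:
            _, number = order.popleft()
            seen.pop(number, None)

    def allow(self, client, numbers, now=None):
        """Return the subset of `numbers` this client may look up right now."""
        now = time.time() if now is None else now
        self._expire(client, now)
        seen, order = self._seen[client], self._order[client]
        allowed = []
        for number in numbers:
            if number in seen:              # re-sync of a known contact is free
                allowed.append(number)
            elif len(seen) < self.max_new:  # new number, budget still available
                seen[number] = now
                order.append((now, number))
                allowed.append(number)
            # otherwise the budget is spent and the number is not checked
        return allowed


def demo():
    """Constructed traffic: one normal phone and one client sweeping a range."""
    limiter = LookupLimiter(max_new_numbers=200, window_seconds=86400)
    book = [f"+1555010{i:04d}" for i in range(150)]        # 150-contact address book
    normal = sum(len(limiter.allow("phone-A", book, now=t)) for t in (0, 3600, 7200))
    sweep = [f"+1555{i:07d}" for i in range(10_000)]       # sequential enumeration
    swept = sum(len(limiter.allow("client-B", sweep[i:i + 500], now=i))
                for i in range(0, 10_000, 500))
    return normal, swept


if __name__ == "__main__":
    print(demo())
```

Keying the budget to a client identifier only helps if creating new clients is itself costly, so a limit like this is normally paired with limits per IP range and per registration.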

About The Author

Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking. Find out more about “Him.”
