Phone numbers of WhatsApp users who chose to create public links to their accounts will no longer be listed on Google. WhatsApp confirmed to Digital Trends that Google has blocked the practice, and a simple query for “site:wa.me” now won’t return an endless list of links to WhatsApp users.
The move comes after India-based security researcher Athul Jayaram highlighted how executing an empty query for WhatsApp’s Click to Chat URL can get you access to thousands of phone numbers and direct links to launching a chat with them.
WhatsApp’s Click to Chat tool allows anyone to fire up a chat without having to save the other party’s number on their phone first. Instead, users can simply append the number to a special web address and click on it to begin chatting with the recipient on WhatsApp.
The feature was primarily employed by businesses, since they were able to place that public link on their website to let visitors and customers easily reach out to their WhatsApp’s support channel without going through the hassle of saving the number in their phonebooks.
Jayaram said he was able to message several strangers whose WhatsApp numbers he managed to acquire from the wa.me search. The Google listing didn’t reveal any other personal information, such as the user’s number or status. However, Jayaram could view the pictures and names of people who hadn’t made their data private through WhatsApp’s security options.
By appending the country’s code at the end of the URL, Jayaram could also restrict the results to a specific region that could potentially prove handy to spammers and cybercriminals.
Jayaram reported the leak to Facebook through the social media company’s Bug Bounty programs. WhatsApp, however, told Digital Trends that it didn’t qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public.”
WhatsApp landed in a similar controversy earlier this year in February when a report discovered that anyone could look up private group links — that were shared or posted on a public channel — on Google and access their list of phone numbers and participants by joining them without verification.
