Goal

Potentially Historic Massive Data Leak Austrian researchers have revealed a mass enumeration vulnerability in WhatsApp that allowed the extraction of 3.5 billion user phone numbers. This finding highlights a security flaw in the app’s “contact discovery” feature, which, lacking strict rate limiting, allowed researchers to scrape a large portion of WhatsApp’s user base. The method exploited by the researchers is based on how WhatsApp makes it easy to add contacts: when you enter a phone number, the platform instantly checks whether that number is registered and often displays the profile photo and associated name. By repeating this process billions of times using the browser-based WhatsApp app, researchers were able to collect phone numbers of almost all WhatsApp users in the world. ...