A new critical vulnerability has been discovered within WhatsApp that has exposed the phone numbers of over 3.5 billion account holders, as security experts issue major privacy warnings to people.
There are new security breaches and data leaks all the time in the internet age and people can make sure of vital websites to keep track of when and where their data might have been stolen from to avoid any further issues down the line.
However, there's little you can do about certain types of information once they do break containment, and some forms are far more valuable and damaging than others if they were to get into the wrong hands.
That's why recent news of a critical vulnerability within WhatsApp – a platform that over 3 billion people use worldwide every single month – is rather frightening, and has prompted cybersecurity experts to issue their own advice for people to follow.
Advert
As reported by the Independent, the flaw was first uncovered by a team of experts at the University of Vienna and SBA Research, and it hinges on WhatsApp's contact discovery mechanism.
This, in practice, allows people to match phone numbers that are already stored in the device's contact book with numbers in the app's database, effectively matching you up with people you already know to save time and effort.
However, hackers have managed to use this system to scrape phone numbers, profile photos, and even what's written in your 'About' status from billions of accounts, leading to a potentially serious breach of data.
Gabriel Gegenhuber, a researcher from the University of Vienna, asserted that "these findings remind us that even mature, widely trusted systems can contain design or implementation flaws that have real-world consequences."
It's particularly jarring as many people have opted for WhatsApp for its security purposes, as it offers end-to-end encryption for its chats, but this, in the eyes of cybersecurity experts, should serve as a 'wake-up call'.
Phone numbers are too public and too permanent on these platforms, argue the experts, and can be scraped by bad actors with far too much ease to be used as the primary user identification process going forward.
Speaking to the Independent, NordVPN's chief technology officer Marijus Briedis illustrated that "this issue highlights a fundamental problem with WhatsApp's architecture: the phone number itself is the vulnerability.
"WhatsApp uses numbers as its core identity system, [so] attackers were able to automatically test billions of them and pull back profile details at extraordinary speed," he continued.
Unfortunately there's little you can actually do for now outside of changing your phone number completely – which for most people is entirely impractical – but you should simply be wary of any phone-related scams, perhaps more so than you usually would anyway.
Thankfully WhatsApp's parent company Meta has informed everyone that the issue has since been addressed and fixed, but some might argue that more could have been done beforehand to prevent the issue entirely.