Ethical hackers discovered a vulnerability in WhatsApp that could expose around 3.5 billion phone numbers.
Security experts have uncovered a large-scale vulnerability in WhatsApp. They discovered a weakness in the code that allowed them to extract about 3.5 billion phone numbers from the app. If this falls into the wrong hands, it could become one of the largest data leaks ever, the experts write in the Austrian research.
Weakness
The messaging platform allows users to easily look up others’ information. When you enter a phone number to start a conversation, for example, you immediately see if that number is linked to WhatsApp. If so, you can even view the name, photo, and any description.
read also
Microsoft Teams Vulnerabilities Allowed Hackers to Impersonate Colleagues
This feature can be abused if it falls into the wrong hands. And that’s exactly what the researchers tested. The researchers used their own developed tool that could collect data at a rate of over 100 million accounts per hour by inputting 63 billion phone numbers.
Unhindered
“To our surprise, neither our IP address nor our accounts were blocked by WhatsApp. Moreover, we didn’t experience any restrictive rate limits. With our query speed of 7,000 phone numbers per second, we were able to confirm 3.5 billion phone numbers registered on WhatsApp,” according to the researchers.
read also
183 Million Email Addresses Leaked: Google Denies Gmail Hack
Normally, platforms should apply some form of rate-limiting to prevent this, but this isn’t the case with WhatsApp. This allowed the researchers to input billions of phone numbers without interruption.
Ethical Hacking
Ethical hacking is not a crime; on the contrary. It helps companies expose and address their vulnerabilities. Moreover, this isn’t the first time Meta has undergone ethical hacking. Meta rewards these hackers and has already given four million dollars to hackers this year for disclosing details, reports Forbes.