WhatsApp Exposes 3.5 Billion Users’ Data Through ‘Basic’ Public Info
WhatsApp, the world’s most widely used instant messaging app, is popular for its simple, phone-number-based registration. Users love that they can start conversations instantly without any complicated sign-up steps. However, this ease of use created a major WhatsApp security flaw that has put over 3.5 billion users at risk, as researchers revealed that WhatsApp phone numbers were accessible to anyone, including hackers, for years.
WhatsApp Security Risk: How Easy Was the Data Extraction?
A team of Austrian researchers recently discovered just how shockingly simple it was to exploit the WhatsApp privacy loophole. They tested nearly 100 million phone numbers per hour, proving that attackers needed almost no effort to scrape sensitive WhatsApp user data.
Even more alarming was the fact that Meta had been warned about this vulnerability as early as 2017, yet the flaw remained unresolved for years. Only after the researchers reported the issue again in April this year did the company respond.
Meta finally rolled out rate-limiting controls in October, reducing the ability to mass-harvest phone numbers. While the fix is welcome, the delay suggests that billions of WhatsApp users were left exposed to unnecessary risk for years.
What Data Could Hackers Access?
The researchers found that hackers could extract phone numbers linked to all 3.5 billion WhatsApp accounts worldwide, along with additional publicly visible data from:
Shockingly, no advanced hacking tools were required. Using WhatsApp Web, attackers simply uploaded billions of numbers and allowed the platform to confirm which ones had active accounts. The system then revealed profile photos and text if the user had not enabled privacy restrictions.
Meta Responds: “Only Public Information Exposed”
According to a report by GSM Arena, Meta downplayed the incident, stating that the exposed data was “basic publicly available information.” They added that no non-public information was compromised and that there was no proof that malicious actors exploited the bug.
However, the incident highlights a critical issue: public information at scale can be extremely dangerous, especially when tied to billions of verified phone numbers. This calls for stronger WhatsApp privacy settings and better awareness among users.
History Repeats: WhatsApp Faced Another Leak in 2022
This is not the first major privacy concern affecting the platform. In 2022, WhatsApp suffered a massive data leak affecting 32 million US users, again raising concerns about how well the company protects user information.
How Users Can Protect Themselves
To avoid exploitation through public information, users should immediately adjust their WhatsApp privacy setting
WhatsApp Security Risk: How Easy Was the Data Extraction?
A team of Austrian researchers recently discovered just how shockingly simple it was to exploit the WhatsApp privacy loophole. They tested nearly 100 million phone numbers per hour, proving that attackers needed almost no effort to scrape sensitive WhatsApp user data.
Even more alarming was the fact that Meta had been warned about this vulnerability as early as 2017, yet the flaw remained unresolved for years. Only after the researchers reported the issue again in April this year did the company respond.
Meta finally rolled out rate-limiting controls in October, reducing the ability to mass-harvest phone numbers. While the fix is welcome, the delay suggests that billions of WhatsApp users were left exposed to unnecessary risk for years.
What Data Could Hackers Access?
The researchers found that hackers could extract phone numbers linked to all 3.5 billion WhatsApp accounts worldwide, along with additional publicly visible data from:
| Data Type | Exposure Rate |
| Phone Numbers | 100% of users |
| Profile Photos | 57% of users |
| Profile Text/Bio | 29% of users |
Shockingly, no advanced hacking tools were required. Using WhatsApp Web, attackers simply uploaded billions of numbers and allowed the platform to confirm which ones had active accounts. The system then revealed profile photos and text if the user had not enabled privacy restrictions.
Meta Responds: “Only Public Information Exposed”
According to a report by GSM Arena, Meta downplayed the incident, stating that the exposed data was “basic publicly available information.” They added that no non-public information was compromised and that there was no proof that malicious actors exploited the bug.
However, the incident highlights a critical issue: public information at scale can be extremely dangerous, especially when tied to billions of verified phone numbers. This calls for stronger WhatsApp privacy settings and better awareness among users.
History Repeats: WhatsApp Faced Another Leak in 2022
This is not the first major privacy concern affecting the platform. In 2022, WhatsApp suffered a massive data leak affecting 32 million US users, again raising concerns about how well the company protects user information.
How Users Can Protect Themselves
To avoid exploitation through public information, users should immediately adjust their WhatsApp privacy setting
- Hide profile photo from “Everyone”
- Set “About” visibility to “My Contacts”
- Avoid using personal details in status or bio
- Refrain from uploading identifiable photos
Next Story