WhatsApp, problem solved: deleted numbers on Google

WhatsApp has solved the problem of 300,000 phone numbers present on Google: they have been deleted. Here's what had happened

It took WhatsApp developers less than 24 hours to find a solution: users' phone numbers are no longer present on Google. The discovery of IT researcher Athul Jayaram, who found over 300,000 WhatsApp contacts indexed on Google's search engine, created too much of a stir and WhatsApp was forced to take prompt action.

As we explained a few days ago, the reason for this bug is the Click to Chat feature that allows users to send messages on the messaging application even to contacts that are not registered in the address book. To do so, you need to create a URL following this example: "https://wa.me/numeroditelefono". The computer scientist discovered that the metadata of the wa.me site is automatically indexed by Google, including the phone number, which can be viewed by everyone. Although the expert's report occurred in May, WhatsApp did not consider the problem a serious bug and at first did not intervene. But after the articles of all the online magazines, the developers decided to take countermeasures.

WhatsApp, why the numbers were visible on Google

Some called it a bug, others a simple oversight. But the problem was real, as evidenced by the quick action to get everything back to normal. This is not the first time that WhatsApp ends up under the eye of the storm for some user data ended up on search engines. Already last February, the website Motherboard had discovered thousands of WhatsApp groups on Google: any user could access and read the messages exchanged.

In this case, however, the cause of the problem is the Click to Chat function, used by many websites (especially e-commerce) to facilitate the sending of messages by users. By clicking on a button you can send messages to customer support without registering the number. However, this involves creating a URL that is indexed by Google, including the phone contact. It was enough to do a simple search on the search engine, to find a phone number, save the image of the contact, use it for a reverse search and find the person's name. A name that could be used for scams or phishing campaigns.

How the problem was solved

Although WhatsApp initially tried to defend itself by saying that the search engine only indexes URLs (and therefore phone numbers) of people who have decided to make them public, within a few hours it decided to de-index the domain "wa.me" from search engines. In this way, similar cases will not be repeated in the future.