A WhatsApp user can easily see if a contact is registered on the platform

A major security revelation has placed WhatsApp under intense scrutiny after researchers uncovered a critical flaw that allowed the enumeration of more than three and a half billion active accounts worldwide. While the company insists that no private information was compromised and that only publicly visible user details were involved, independent experts state that the situation is far more serious than WhatsApp has acknowledged.

Researchers Expose Massive Enumeration Vulnerability

A team from the University of Vienna and SBA Research discovered that WhatsApp’s contact discovery feature could be queried at extremely high speed. By systematically checking phone number ranges, the researchers were able to confirm which numbers were linked to active WhatsApp accounts. Their server was able to generate up to one hundred million queries per hour, ultimately confirming billions of accounts across nearly every country.

These findings are part of a new research paper published on Tuesday, November 18, by a group of computer scientists from the University of Vienna in Austria, who said that they were able to compile these large datasets of WhatsApp account information by taking advantage of the instant messaging platform’s contact-discovery feature.

A WhatsApp user can easily see if a contact is registered on the platform by saving the mobile number on their phone and checking whether it appears in the chat list. If the other user has not restricted visibility in their account settings, their profile photo and name often show up as well.

By - Aaradhay Sharma