WhatsApp private group chats leak on Google, anyone can read your private messages: Report
Tech786: A new WhatsApp privacy issue has surfaced. According to reports, WhatsApp group invite links are appearing in Google search results again. This means that anyone can find and join a private WhatsApp group just by searching on Google.
The same flaw was revealed in 2019, after which the company fixed it. Another old issue that had been fixed earlier is also resurfacing: WhatsApp profiles are appearing in search results. Because of this flaw, people's phone numbers and profile photos can be revealed with a simple Google search.
Phone numbers and profile photos can also be accessed
By allowing group chat invites to be indexed, WhatsApp is making many private groups available on the web, as their links can be found with a simple search query on Google. Reports claim that whoever gets such a link can not only join the group but also see the members' phone numbers along with the posts shared in the group.
What did WhatsApp say on this leak?
Responding to the report of the data leak, WhatsApp said in a statement that since March 2020 it has applied the noindex tag to all deep link pages, which excludes these pages from Google's indexing. The company has asked Google not to index these chats.
WhatsApp may have an explanation for every leak, but its privacy appears to be slowly weakening, which is why people are looking for other options such as Telegram and Signal. Notably, after WhatsApp's new terms of service, Signal has entered the list of top free apps on the Apple App Store.
The matter was first revealed in 2019
This is not the first time that such a flaw has come to light. In November 2019, WhatsApp group chat invites were found in Google search results. A security researcher had reported the issue to Facebook, and the company quickly corrected it after the matter made headlines.
Reverse engineer Jane Manchun Wong stated that WhatsApp fixed the group chat indexing by adding a noindex meta tag to the chat invite links. The latest links, however, do include a noindex meta tag. In addition, the group chat links found in 2019 did not appear on Google, so this could be a different issue that leads to similar results, or it could be a reversion to the old problem.
Your @WhatsApp groups may not be as secure as you think they are. WhatsApp Group Chat Invite Links, User Profiles Made Public Again on @Google Again.
Story – https://t.co/GK2KrCtm8J #Infosec #Privacy #Whatsapp #infosecurity #CyberSecurity #GDPR #DataSecurity #dataprotection pic.twitter.com/7PvLYuM9xD
— Rajshekhar Rajaharia (@rajaharia) January 10, 2021
Group chat link became public due to a subdomain
Rajaharia said that WhatsApp did not specifically include a robots.txt file for the chat.whatsapp.com subdomain, which has led to the indexing of group chat invitations on Google and other search engines. Web developers typically use robots.txt files to tell search engine crawlers which pages or files they can and cannot crawl.
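How the two controls named in this article, the noindex meta tag and robots.txt, interact can be checked for a single page with the sketch below. It is an added example, not code from WhatsApp or from the researchers quoted here; the host, path and page bodies are constructed samples, and it also covers the equivalent X-Robots-Tag response header, which the article does not mention.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser


class RobotsMeta(HTMLParser):
    """Collects the directives of <meta name="robots" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "robots":
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}


def indexing_verdict(url, html, headers, robots_txt, agent="Googlebot"):
    """Return (verdict, reason) for one page; all inputs are supplied by the caller."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())  # an empty string models a missing robots.txt
    if not rules.can_fetch(agent, url):
        # Disallow stops crawling, so an on-page noindex is never read, and the
        # bare URL can still be listed when other sites link to it.
        return "url-may-be-listed", "robots.txt blocks the crawl; noindex is never seen"
    header = {k.lower(): v.lower() for k, v in headers.items()}.get("x-robots-tag", "")
    meta = RobotsMeta()
    meta.feed(html)
    if "noindex" in header or meta.directives & {"noindex", "none"}:
        return "not-indexed", "page is crawlable and carries a noindex directive"
    return "indexable", "page is crawlable and carries no noindex directive"


# Constructed sample inputs (hypothetical host and path, not taken from the article).
URL = "https://chat.example.com/invite/SAMPLE"
PLAIN = "<html><head><title>Join group</title></head></html>"
TAGGED = '<html><head><meta name="robots" content="noindex"></head></html>'
BLOCK_ALL = "User-agent: *\nDisallow: /invite/"

if __name__ == "__main__":
    for label, args in [
        ("no robots.txt, no tag", (URL, PLAIN, {}, "")),
        ("no robots.txt, noindex tag", (URL, TAGGED, {}, "")),
        ("noindex via header", (URL, PLAIN, {"X-Robots-Tag": "noindex"}, "")),
        ("Disallow plus noindex tag", (URL, TAGGED, {}, BLOCK_ALL)),
    ]:
        print(label, "->", indexing_verdict(*args))
```

The last case is the one site owners tend to miss: a Disallow rule and a noindex tag on the same URL work against each other, because the crawler that is forbidden to fetch the page never reads the tag.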
Users’ profiles also became public on Google
Along with group chat invite links, WhatsApp seems to have allowed Google to index users' profiles again, so that anyone can chat with users or view their profile photos. Searching for a country code on WhatsApp's domain reveals the URLs of people's profiles, which include the phone number and profile photo. The issue was fixed by WhatsApp in June last year. The company did not give any clarification at that time, but the fix was confirmed in many reports.
About 5000 profiles are appearing on Google
According to reports, as with the group chat indexing, profiles of WhatsApp users have also been available on Google again for the last few hours. The search engine has already indexed 5,000 profile links. Rajaharia discovered the indexing of WhatsApp user profiles on Google. He noticed that, as with the group chat invites, there is no dedicated robots.txt file for the api.whatsapp.com subdomain that serves the profiles, which would tell search engine crawlers not to crawl those links.