
WhatsApp Breach Exposes 3.5 Billion Phone Numbers, Meta Ignored Warnings Since 2017
info desk | November 19, 2025 7:20 PM CST

WhatsApp has become so tightly woven into our daily lives that for many people, it’s almost impossible to imagine a day without it. It’s how we talk to family, share photos, coordinate work, and even run businesses. But a new report has revealed a serious security lapse that shows just how much risk comes with that convenience.

According to security researchers, a simple flaw in WhatsApp allowed the phone numbers of about 3.5 billion users to be pulled from the platform. The shocking part? The vulnerability wasn’t new. Meta, WhatsApp’s parent company, was reportedly warned about this exact issue back in 2017 and still failed to fix it.

Meta told 9to5Mac that the flaw was uncovered through its Bug Bounty program in collaboration with researchers at the University of Vienna. The company said the team had identified a new enumeration method that bypassed existing limits and allowed scraping of publicly visible information such as phone numbers and profile details. According to Meta, the study helped test and validate its anti‑scraping defenses, which were already in development.

WhatsApp’s biggest strength is also its biggest weakness. The app makes it incredibly easy to find someone: just add a phone number, and it instantly shows if that person is on WhatsApp, often along with their profile picture and name. It’s a friendly feature when you’re trying to find a colleague or a new contact. But when researchers scaled it up, things took a dangerous turn.

By running the “check if this number is on WhatsApp” feature billions of times across every possible phone number, researchers were able to collect a near-complete global list of WhatsApp users. Many entries also included photos and profile information. They warn that if criminals had used the same trick, it could have resulted in “the largest data leak in history.”

What makes this even more troubling is how easily the issue could have been prevented. The researchers say the fix required just a simple limit on how many times someone can check a number, something most major apps already do. But despite repeated warnings over more than eight years, Meta reportedly never added that basic safeguard.
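
The kind of limit the researchers describe, sketched as an added example (not WhatsApp's or Meta's code, and not from the original report): a per-account cap on how many distinct numbers can be checked within a time window. The class name, budget values and account labels are assumptions, and the phone numbers are constructed.

```python
from collections import defaultdict, deque


class LookupLimiter:
    """Caps how many distinct phone numbers one account may check per window."""

    def __init__(self, max_distinct=200, window_s=86400):
        self.max_distinct = max_distinct    # assumed budget, not a WhatsApp value
        self.window_s = window_s
        self._events = defaultdict(deque)   # account -> (timestamp, number), oldest first
        self._seen = defaultdict(dict)      # account -> {number: time it was counted}

    def _expire(self, account, now):
        """Drop numbers counted more than one window ago, freeing budget."""
        events, seen = self._events[account], self._seen[account]
        while events and now - events[0][0] >= self.window_s:
            ts, number = events.popleft()
            if seen.get(number) == ts:
                del seen[number]

    def allow(self, account, number, now):
        """Return True if the lookup may proceed, False if the account is over budget."""
        self._expire(account, now)
        seen = self._seen[account]
        if number in seen:
            return True     # re-syncing an already counted contact costs nothing
        if len(seen) >= self.max_distinct:
            return False    # too many distinct numbers in this window
        seen[number] = now
        self._events[account].append((now, number))
        return True


def simulate():
    """Constructed traffic: an address-book re-sync versus a sequential sweep."""
    limiter = LookupLimiter(max_distinct=5, window_s=60)
    contacts = ["+15550100", "+15550101", "+15550102"]
    # A normal client re-checks the same three contacts ten times over.
    normal = [limiter.allow("alice", n, t) for t in range(10) for n in contacts]
    # A sweeping client checks a new number on every request.
    sweep = [limiter.allow("sweeper", f"+1555{n:04d}", n) for n in range(20)]
    return all(normal), sum(sweep)


if __name__ == "__main__":
    print(simulate())
```

Counting distinct numbers rather than raw requests leaves ordinary contact syncing untouched while a sweep across a number range runs out of budget after the first few lookups.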

