WhatsApp had a massive security flaw that put phone numbers of 3.5 billion users at risk: here's what happened
Posted on: Nov 19, 2025 20:58 IST | Posted by: Livemint
A certificate blemish on WhatsApp has led to all of the just about 3.5 one million million sound numbers on the platform being compromised, according to researchers from the University of Vienna. The researchers further say that they were able to access profile photos of users in 57% of the cases and even the text on their profiles for 29% of the users.
Notably, WhatsApp and its parent company Meta were made aware of the vulnerability by a different research in 2017, but the company failed to take appropriate action on it.
The researchers warned that if the data had been collected by bad actors, it would have become “the largest data leak in history”, even eclipsing the 2021 Facebook scraping incident where around 500 million records were compromised.
“The dataset contains phone numbers, timestamps, about text, profile pictures and public keys for E2EE encryption, and its release would entail adverse implications to the included users,” the researchers confirmed in their study.
Aljosha Judmayer, one of the researchers who worked on the study, told WIRED, “To the best of our knowledge, this marks the most extensive exposure of phone numbers and related user data ever documented.”
The researchers say they made WhatsApp aware of the vulnerability in April 2025 and while the company didn’t show much interest in the problem early on, it eventually worked with them to fix the issue and enabled a stricter “rate-limiting” measure by October.
What was the vulnerability with WhatsApp?
WhatsApp has a basic feature called contact discovery: when you upload your address book, the app tells you which of your contacts use WhatsApp. The researchers found that since WhatsApp had no effective rate-limiting, the same feature could be used to scan huge ranges of phone numbers.
And once a number was confirmed to be on WhatsApp, the same loophole could also be used to retrieve other publicly available information like profile picture, profile text, device type and linked companion devices.
Meta acknowledges security issue
Meta acknowledged the security issue in a statement to 9to5Mac. A spokesperson for the company said, “We are grateful to the University of Vienna researchers for their responsible partnership and diligence under our Bug Bounty programme. This collaboration successfully identified a novel enumeration technique that surpassed our intended limits, allowing the researchers to scrape basic publicly available information.”
“We had already been working on industry-leading anti-scraping systems, and this study was instrumental in stress-testing and confirming the immediate efficacy of these new defences. Importantly, the researchers have securely deleted the data collected as part of the study, and we have found no evidence of malicious actors abusing this vector. As a reminder, user messages remained private and secure thanks to WhatsApp’s default end-to-end encryption, and no non-public data was accessible to the researchers,” it added.
Global News Perspectives
In today's interconnected world, staying informed about global events is more important than ever. ZisNews provides news coverage from multiple countries, allowing you to compare how different regions report on the same stories. This unique approach helps you gain a broader and more balanced understanding of international affairs. Whether it's politics, business, technology, or cultural trends, ZisNews ensures that you get a well-rounded perspective rather than a one-sided view. Expand your knowledge and see how global narratives unfold from different angles.
Customizable News Feed
At ZisNews, we understand that not every news story interests everyone. That's why we offer a customizable news feed, allowing you to control what you see. By adding keywords, you can filter out unwanted news, blocking articles that contain specific words in their titles or descriptions. This feature enables you to create a personalized experience where you only receive content that aligns with your interests. Register today to take full advantage of this functionality and enjoy a distraction-free news feed.
Like or Comment on News
Stay engaged with the news by interacting with stories that matter to you. Like or dislike articles based on your opinion, and share your thoughts in the comments section. Join discussions, see what others are saying, and be a part of an informed community that values meaningful conversations.
Download the Android App
For a seamless news experience, download the ZisNews Android app. Get instant notifications based on your selected categories and stay updated on breaking news. The app also allows you to block unwanted news, ensuring that you only receive content that aligns with your preferences. Stay connected anytime, anywhere.
Diverse News Categories
With ZisNews, you can explore a wide range of topics, ensuring that you never miss important developments. From Technology and Science to Sports, Politics, and Entertainment, we bring you the latest updates from the world's most trusted sources. Whether you are interested in groundbreaking scientific discoveries, tech innovations, or major sports events, our platform keeps you updated in real-time. Our carefully curated news selection helps you stay ahead, providing accurate and relevant stories tailored to diverse interests.
No comments yet.