WhatsApp Security Flaw Exposes 3.5 Billion Users' Data From 'Basic Publicly Available Information'

How did Meta respond to this WhatsApp data leak?

WhatsApp is one of the most popular messaging apps in the world because of its convenience. Registration takes no complicated steps: with just a phone number, you can start chatting with friends and other people right away.

At the same time, however, that convenience left a major vulnerability: until recently, every WhatsApp user's phone number could be easily accessed by anyone, including hackers.

How Easy It Was to Exploit

Earlier this year, Austrian researchers were able to test nearly 100 million phone numbers per hour, proving how little effort was required to scrape highly sensitive user data.

What makes the issue even more alarming is that Meta, WhatsApp's parent company, had been warned about this exact vulnerability as far back as 2017, yet the flaw remained unaddressed for years. For users, it looks like the platform just ignored the abuse.

Fortunately, Meta finally implemented rate-limiting in October, reducing the ability to carry out mass contact discovery after the Austrian researchers reported the issue in April.

While the fix stops large-scale exploitation, the long delay highlights how users were exposed to unnecessary risk for years.

Massive WhatsApp Data Exposure Revealed

The researchers' findings show the extent of this security gap: hackers could extract phone numbers for all 3.5 billion WhatsApp users. More worryingly, they could also access profile photos for about 57% of those users and read the profile text for another 29%.

The alarming part is that no advanced hacking technique was used. Instead, the researchers used WhatsApp Web, the browser-based interface, and simply added billions of phone numbers in bulk.

WhatsApp would then indicate whether the number had an account and display the associated profile information. In essence, what is normally done by any user was scaled up to a massive operation.
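One way a server could cap the bulk lookups described above while leaving ordinary address-book sync untouched is to charge each account only for numbers it has not looked up recently. This is an added example, not Meta's implementation; the class name, the limits and the +999 phone numbers are constructed assumptions.

```python
from collections import defaultdict


class DiscoveryBudget:
    """Caps the distinct phone numbers one account may look up per window."""

    def __init__(self, max_new_numbers, window_seconds):
        self.max_new = max_new_numbers
        self.window = window_seconds
        # account -> {number: time charged}; dicts keep insertion order,
        # so the oldest charge is always the first key.
        self._charged = defaultdict(dict)

    def allow(self, account, number, now):
        charged = self._charged[account]
        while charged:  # expire charges that have left the window
            oldest = next(iter(charged))
            if now - charged[oldest] < self.window:
                break
            del charged[oldest]
        if number in charged:
            return True   # re-checking a known contact costs nothing
        if len(charged) >= self.max_new:
            return False  # budget for new numbers is spent
        charged[number] = now
        return True


def address_book_sync(tick):
    # Constructed: a phone re-syncing the same 200 contacts every tick.
    return [f"+99900{n:07d}" for n in range(200)]


def bulk_enumeration(tick):
    # Constructed: a client walking 1000 fresh consecutive numbers per tick.
    return [f"+99900{n:07d}" for n in range(tick * 1000, (tick + 1) * 1000)]


def simulate(client, ticks, budget, account):
    """Return how many lookups the server answered for one client."""
    return sum(budget.allow(account, number, now=tick)
               for tick in range(ticks) for number in client(tick))


if __name__ == "__main__":
    budget = DiscoveryBudget(max_new_numbers=500, window_seconds=60)
    print("sync answered:", simulate(address_book_sync, 10, budget, "phone"))
    print("bulk answered:", simulate(bulk_enumeration, 10, budget, "scraper"))
```

Because repeat lookups are free, the syncing phone is never throttled, while the enumerating client stops getting answers once its budget of new numbers is spent.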

Meta's Response and Public Safety

According to GSM Arena, Meta said the data exposed was "basic publicly available information". Profile photos, along with text, remained hidden for those who had implemented privacy settings, and there was no evidence of malicious actors taking advantage of the bug, according to the company. Importantly, the researchers could not gain access to any non-public data.

While the risk here was confined to public information, the scale of possible data harvesting shows the need to take digital security seriously, even in applications trusted worldwide. The takeaway: users have to be more aware of privacy settings, limit who can see profile information, and be more careful with their personal information.

This is not the first time that WhatsApp has encountered a massive data breach. Back in 2022, the platform suffered a data leak that affected 32 million users in the US alone.

ⓒ 2025 TECHTIMES.com All rights reserved. Do not reproduce without permission.
