WhatsApp claims it fixed an issue that was showing users’ phone numbers in Google search results, TechCrunch reports. The change comes after security researcher Athul Jayaram revealed that phone numbers of WhatsApp users who used the Click to Chat feature were being indexed in search.
Click to Chat is a lesser-known WhatsApp facility that allows website visitors to converse with website operators via the messaging service. For example, if a visitor to an ecommerce site had a query about a listing, they could scan a QR code to be entered into a WhatsApp conversation with the relevant helpdesk.
According to Jayaram, because the links don’t have a robot.txt file in the server root, they cannot stop Google or other search engine bots from crawling and indexing the links. Jayaram says as many as 300,000 phone numbers may have appeared in Google search results, and they could be found by searching “site:wa.me.”
As TechCrunch notes, Jayaram isn’t the first to report this issue. WaBetaInfo pointed it out in February. While the issue seems to be fixed, it’s a pretty big security flaw and apparently it’s been a problem for at least several months.
According to Facebook, it was already working to fix the issue and the phone numbers found by Jayaram were old results cached by the search engine. Those should be removed as the site continues to re-index websites and finds the no-index tag.
Jayaram points out, many WhatsApp users he contacted whose numbers appeared in Google search results were surprised to learn that this sensitive information was accessible on the public internet.