There was a WhatsApp group issue where a random person can join your group in between an important meeting or while spending time with your friends and can have immediate access to information like the group’s name, its profile picture, and the members in it. This was a real issue where it was possible to discover your private group chat through Google Search. This WhatsApp issue is fixed now, but it was once identified in 2019.
WhatsApp groups that use links to allow other members to enter might again be vulnerable to be discovered online, suggested in a new report by Internet Security Researcher Rajshekhar Rajaharia. In this case, it would allow anyone to enter into a particular group, theoretically. The vulnerability has been verified by the Indian Express, and it confirms that some WhatsApp groups can be joined from the web.
These links become accessible for unknown users and allow them to join any groups across the web that they have searched for is because of enabling WhatsApp group chats to be indexed. This allows direct access to the phone numbers of the users along with their pictures. If nobody notices these unwelcomed users in the group, they can stay hidden for as long as they want to, only until someone notices an unknown presence. But the worst part is, even if they’re kicked out, they leave with a list of phone numbers and group details.
WhatsApp has released a statement regarding its fixes
In a statement. The company said: “Since March 2020, WhatsApp has included the “no index” tag on all deep link pages which, according to Google, will exclude them from indexing. We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time. Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.”
This was once surfaced back in 2019 where a security researcher found the same issue who reported it to Facebook. On attracting a lot of media attention and becoming public, the issue was fixed. Now the same groups which had been exposed aren’t indexable anymore, which as per a report by Gadgets360 suggests that the reason for this big is a different issue.
Are the user profiles indexable on Google?
Apart from just the group invite links, the issue is also with an individual’s user account profile. The URLs of an individual person’s profile can be searched on Google now. This allows strangers direct access to profiles that are indexed, and this displays their phone numbers and their profile pictures in some cases. This was fixed in June 2020 as it was reported earlier as well.