WhatsApp has stopped searching indexing users who have created public links of their accounts. Facebook's own messaging giant confirmed with Digital Trends that it has blocked practice and a simple Google query for "site: wa.me" no longer returns an endless list of links to WhatsApp users.
The step comes after India-based security researcher Athul Jayaram highlighted how you can access thousands of phone numbers and direct links to start chatting with them by running an empty query for WhatsApp's click-to-chat URL.
With WhatsApp's click-to-chat tool, anyone can start a chat with someone without first having to save their number on their phone. Instead, users can simply append the number to a specific web address and click on it to chat with the recipient via WhatsApp.
The function was mainly used by companies as they could place this public link on their website so that visitors and customers can easily access the WhatsApp support channel – without having to save the number in their phone books.
Jayaram said he could notify a number of strangers whose WhatsApp numbers he had obtained while searching for wa.me. No other personal information such as the number or status of the user was shown in the Google list. However, Jayaram was able to display the pictures and names of people who had not made their data private through WhatsApp's security options.
By appending the country code at the end of the URL, Jayaram could also limit the results to a specific region that may be useful for spammers and cyber criminals.
Jayaram reported the leak to the social media company's bug bounty programs on Facebook. However, WhatsApp informed Digital Trends that it did not qualify for a premium because it only contained a search engine index with URLs that WhatsApp users want to publish. "
WhatsApp got into a similar controversy in early February when a report found that anyone's private group links – shared or published on a public channel – could look up at Google and access their list of phone numbers and subscribers by themselves without them Verification follows.