scorecardresearch
Follow Us:
Thursday, January 21, 2021

WhatsApp Groups were accessible publicly via Google Search, issue now fixed

WhatsApp group invite links are now indexed on Google, allowing anyone who finds the link to join the groups and access details of members.

By: Tech Desk | Mumbai | Updated: January 11, 2021 1:08:41 pm
WhatsApp Group invite links are now accessible on Google Search, making them open to anyone. (Image source: Bloomberg)

Update: The issue where WhatsApp group links were being indexed on Google appears to have been resolved.

Imagine discussing important details with your office colleagues on the team’s WhatsApp group, when suddenly a random person joins in. This person now has immediate access to information like the details of group members and the group’s name and profile picture. This was a real issue where discovering your private group chat via Google Search was possible. The issue was fixed back in 2019 but now has surfaced again.

A new report by Internet Security Researcher Rajshekhar Rajaharia (@rajaharia) suggests that WhatsApp groups that use links to allow users to enter, may once again be vulnerable to being found online. This would theoretically allow anyone to join the group. Indian Express verified the vulnerability and can confirm that some WhatsApp groups may be joinable from the web.

Enabling WhatsApp Group Chats to be indexed, allows these links for private groups across the web to be searched for, and joined. This allows searchers to find phone numbers of users along with the profile pictures. Should nobody notice these unwelcome entries into the group, the stranger could then stay hidden for quite some time until someone realizes his/her presence. What’s worse is even after such strangers are kicked out of the group, their brief entry still leaves them with the list of phone numbers in the group.

WhatsApp statement

“Since March 2020, WhatsApp has included the “noindex” tag on all deep link pages which, according to Google, will exclude them from indexing. We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time. Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website,” the company said in a statement.

This has happened before in 2019

Back in 2019, the same issue was found by a security researcher, who reported the matter to Facebook. It was later fixed after the issue became public and attracted a lot of media attention. However, as per a report by Gadgets360, the same groups which were exposed in 2019 are no longer indexable, suggesting that a different issue has led to the bug.

User profiles indexed on Google

The issue is not just with group invite links, but also with individual user account profiles. URLs of people’s profiles can now be searched on Google. This allows strangers to access the profiles of those indexed, displaying their phone numbers, and in some cases, their profile pictures as well. This issue too has taken place before and was reportedly fixed in June 2020. Indian Express has reached out to WhatsApp for a comment on the issue.

The issues are the latest in a slew of privacy concerns against WhatsApp. A recent update in the privacy policy of the Facebook-owned messaging platform has also put it under the crosshairs. A lot of unhappy WhatsApp users, as a result, are migrating to other apps.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Technology News, download Indian Express App.

Advertisement
Advertisement
Advertisement
Advertisement