WhatsApp’s simplicity, using just a phone number to connect — has also created a major security risk. Austrian researchers have discovered that every WhatsApp user’s phone number (about 3.5 billion people) could be easily accessed by anyone, including hackers.
They revealed that:
- All 3.5 billion phone numbers could be extracted
- 57% of users’ profile photos were accessible
- 29% of users’ profile texts were visible
And surprisingly, no hacking tools were needed. The researchers simply attempted to add billions of phone numbers through WhatsApp Web, which automatically shows whether a number is registered — along with the user’s profile photo and status text.
They were able to check 100 million numbers per hour, because Meta ignored earlier warnings about this flaw dating back to 2017.
In April this year, the researchers notified Meta again, and by October, WhatsApp finally added rate limits to stop mass lookups. But this means the vulnerability existed for years, giving hackers plenty of time to exploit it.
Meta insists that the exposed data was “public information” and that there’s no evidence of misuse — but the researchers say the risk was real.
