Imagine discussing some important details and having a important talk with your office colleagues in the WhatsApp group, when suddenly someone joins in. This person now has instant access to information such as group members’ details and group name and profile picture. This was a real problem where finding your private group chat on Google search is possible. This problem has been reversed in 2019 but has now resurfaced.
A new report which was given by the Internet Security Researcher Rajshekhar Rajaharia (@rajaharia) suggests and tells that the WhatsApp groups that use links to allow users to log in, may also be at risk of being found online and that this would allow anyone to join the group. Indian Express has confirmed the vulnerability and can ensure that other WhatsApp groups can be joined from the web.
Enabling WhatsApp Group chats to be displayed, allows these independent group links across the web to be searched, and joined. This allows searchers to find users’ phone numbers and profile pictures. If no one notices this unwanted entry to the group, the stranger may remain hidden for a while until someone realizes he or she is present. Worse still even after the expulsion of these unknown people from the group, their brief entry still leaves them with a list of phone numbers in the group.
As of March 2020, WhatsApp has installed a “noindex” tag on all deep social media pages, according to Google, which will remove them from the index. We have provided feedback to Google not to specify these conversations. As a reminder, whenever a person joins a group, everyone in that group receives a notification and the manager can return or change the group invitation link at any time. As with all content that was shared on searchable, public channels and also the invite links that were posted online can be found on other WhatsApp users. Links users who wish to share privately with people they know and trust should not be posted on a publicly available website. ”
This happened earlier in 2019
Back in 2019, a similar issue was discovered by a security researcher, who reported the matter on Facebook. It was revised after the issue came to light and attracted many media outlets. However, as reported in Gadgets360, the same groups identified in 2019 can no longer be identified, which suggests that a different problem has led to this bug.
Even user profiles are now identified on Google
The problem is not only with links to group invitations but also with each user’s account profiles. Thr URLs of people’s profiles can also now be searched on Google and this allows the strangers to access the profiles of those who are shown, and also to show their phone numbers, and in few cases it even shows their profile pictures. The matter has also been reported in the past and was reported to have been resolved in June 2020. Indian Express reached out to WhatsApp to comment on the matter.