- Cybersecurity researcher Rajsekhar Rajaharia informed about this flaw of WhatsApp
- Profiles of many users are also visible in the search results, anyone can chat with them.
A new case related to WhatsApp privacy has surfaced. According to reports, the WhatsApp group’s links are now appearing again on Google search results. This means that any person can search and join the private WhatsApp group just by searching on Google. Earlier it was also revealed in 2019, after which the company corrected the flaw in it. Another old issue that has been fixed earlier is also coming up in which the WhatsApp profile is now appearing on the search results. Due to this flaw, people’s phone numbers and profile photos can be revealed only with a simple Google search.
Can also access phone number and profile photo
By allowing indexing of group chat invoices, WhatsApp is now making available many private groups on the web, as their links can be accessed using a simple search query on Google. Reports are claiming that whoever gets this link can not only join the group but can also see their phone numbers along with the posts being shared by the members and the group.
Some group were about to share porn
Cybersecurity researcher Rajshekhar Rajaharia gave information about the indexing of WhatsApp group chat invites on Google. By the time of writing the news, the search results had more than 1,500 group invite links available.
Some of the links indexed by Google lead to the WhatsApp group sharing porn. In some other cases, there were links to certain communities or interests with WhatsApp groups. Apart from this, groups sharing messages for Bangla and Marathi users were found. With this link, people who were not invited can also join groups easily.
The matter was first revealed in 2019
This is not the first time that such a flaw has come to light. In November 2019, WhatsApp group chat invites were found on Google search results. A security researcher had reported the issue to Facebook, although the company quickly corrected it after the matter came to headlines.
Reverse engineer Jane Manchun Wong stated that WhatsApp fixed the group chat index by adding a ‘no-index’ meta tag to the chat invoice link. However, the latest link includes a no-index meta tag. However, the group chat links found in 2019 did not appear on Google, so it could be a different issue that could lead to similar results, or it could revert to the old problem.
Group chat link became public due to a subdomain
Rajaharia said that WhatsApp did not specifically include a robots.txt file for the chat.whatsapp.com subdomain, which has led to the indexing of group chat invitations on Google and other search engines. Web developers typically use robots.txt files to tell search engine crawlers which pages or files they can and cannot crawl.
Users’ profiles also became public on Google
With the group chat invite link, WhatsApp seems to have allowed Google to index users’ profiles again so that anyone can chat with users or view their profile photos. By searching for the country code on WhatsApp’s domain, the URLs of people’s profiles can be revealed, which included the phone number and profile photo. The issue was fixed by WhatsApp in June last year. The company had not given any clarification at that time but it was confirmed in many reports.
About 5000 profiles are appearing on Google
According to reports, like group chat indexing, profiles of WhatsApp users have also been available again on Google for the last few hours. The search engine is already indexed to 5,000 profile links. Rajaharia discovered the indexing of WhatsApp users profiles on Google. They noticed that as seen in the group chat invoice, there is no special robots.txt file for the api.whatsapp.com subdomain in terms of profiles, which tells the search engine crawler not to crawl their respective links.