- WhatsApp had not included the robots.txt file for ‘chat.whatsapp.com’ subdomain, leading to the indexing of groups and profiles
- Over 1,700 WhatsApp group invite links and around 7,000 profiles were accessible in Google Search results
- WhatsApp has now fixed the bug and the links are no longer appearing in search results
Furthermore, while some of these groups were dedicated to specific interests and communities, few others were shabby. The security researcher says that WhatsApp had not included the robots.txt file for ‘chat.whatsapp.com’ subdomain, which eventually led to the indexing of these groups and profiles. Robots.txt is used by developers to tell search engine crawlers which pages can or cannot be processed from the websites. However, WhatsApp has now fixed the bug and the links are no longer appearing in search results.
“Since March 2020, WhatsApp has included the “noindex” tag on all deep link pages which, according to Google, will exclude them from indexing. We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time. Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website,” a WhatsApp spokesperson said.
A similar WhatsApp bug first surfaced back in 2019 due to a misconfiguration by the chat application. This made search engines index more than 470,000 group invites. It was pointed out by Jane Manchun Wong and was fixed last year.