This WhatsApp vulnerability could expose your personal chats to anyone

“The group chat invite links vulnerability has long been argued since they were accessible publicly and can turn ugly if they fall into the wrong hands”

WhatsApp Groups have a feature of sharing invite links with users to join them. Group admins can revoke these links at any point. Now, in an interesting turn of events, Google had indexed these private WhatsApp group chat invite links, letting anyone join them with a simple, relevant search, according to a report by Motherboard. The links were accessible by searching site:chat.whatsapp.com. However, the Mountain View giant seems to have modified the search results to stop the invite links from being surfaced in the search results. The invite links vulnerability has long been argued since they were accessible publicly and can turn ugly if they fall into the wrong hands.

WhatsApp

Furthermore, Motherboard claims to have found numerous private groups with relevant Google searches and even joined a UK accredited NGO group, gaining access to participants and their contact details. Commenting on this, Alison Bonny, a WhatsApp spokesperson, said, “Like all content that is shared in searchable public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. The links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.

Danny Sullivan, Google’s public search liaison, on Twitter, said, “Search engines like Google & others list pages from the open web. That’s what’s happening here. It’s no different than any case where a site allows URLs to be publicly listed.” Surprisingly, a security researcher claims he had reported to Facebook back in November, but the company turned it down, saying that it was an intentional product decision.