WhatsApp API flaw let researchers scrape 3.5B accounts(bleepingcomputer.com)
bleepingcomputer.com
WhatsApp API flaw let researchers scrape 3.5B accounts
https://www.bleepingcomputer.com/news/security/whatsapp-api-flaw-let-researchers-scrape-35-billion-accounts/
2 comments
Security researchers successfully compiled a database containing 3.5 billion active mobile phone numbers and associated personal information from WhatsApp by exploiting a major security flaw in the platform’s contact-discovery application service. The vulnerability, stemming from a critical lack of usage controls, allowed the team to check over 100 million potential numbers per hour from a single server without detection or throttling. The collected data included phone numbers, public “about” text, device information, and 77 million profile images from a test of US users. Following the responsible disclosure of this failure, the company added traffic-limiting safeguards to the service to prevent future bulk collection efforts.