WhatsApp group invitation links and user profiles appeared in Google search when people searched using the WhatsApp domain, meaning anyone could discover and join a private WhatsApp group simply using Google search.
Furthermore, user profiles were also showing up via Google search results. This is not the first time this has happened as the same was reported and resolved in 2019.
Reports on Sunday indicated that one can see WhatsApp group invite links and user profiles through a simple Google search, however, it appears that the vulnerability now been resolved. Now, the search engine does not show any results when searching Google with WhatsApp domain.
Group chats and profiles were showing up in Google search results because WhatsApp indexing of the group chat invitation making multiple private groups available on the internet because anyone can access their links through a simple Google search.
Your @WhatsApp groups may not be as secure as you think they are. WhatsApp Group Chat Invite Links, User Profiles Made Public Again on @Google Again.
Story – https://t.co/GK2KrCtm8J#Infosec #Privacy #Whatsapp #infosecurity #CyberSecurity #GDPR #DataSecurity #dataprotection pic.twitter.com/7PvLYuM9xD— Rajshekhar Rajaharia (@rajaharia) January 10, 2021
A person who joins these groups can see the participants and their phone numbers along with the posts shared in those groups. Cybersecurity researcher Rajshekhar Rajaharia also highlighted the vulnerability in a Twitter post.
“WhatsApp also allows users to generate rich preview links of group chat invites that eventually may allow search engine crawlers to identify the links and then index them for future searches,” Rajaharia said.
Indexing appears to have started again recently, according to a report by Gadgets 360. Links indexed by Google lead to different types of groups, including those dedicated to specific communities or interests, as well as groups with posts targeting Bangla and Marathi users and some groups that also share pornography.
