WhatsApp has fixed a flaw that could have let people slip into private WhatsApp groups through Google search.
A journalist at German publication DW News noticed that Google was indexing around 470,000 WhatsApp group invites, which would have allowed anyone to enter a private chat.
Reverse engineer Jane Manchun Wong found that WhatsApp fixed the problem by removing the listings from Google and adjusting the code on chat invitation links.
Looks like WhatsApp has fixed it by removing the existing listing from Google and adding the `noindex` meta tag on the chat invitation links! 😀 pic.twitter.com/kict2bsENu
— Jane Manchun Wong (@wongmjane) February 22, 2020
Although most of the chats didn’t have sensitive information, Motherboard discovered that one of the group chats appeared to be for NGOs accredited by the United Nations. Motherboard entered the chat and was able to see a list of all 48 participants along with their phone numbers.
WhatsApp said that the links that appeared on Google search had been shared in searchable public channels. It said that users who want to keep their chats private should not share invitation links on publicly searchable sites.
Further, Google’s public search liaison tweeted that this instance was no different than other situations where websites allow links to be listed publicly.
This instance shows that in order to keep your private chats actually fully private, it’s important to remind every participant to never share invitations on public spaces.
Source: @wongmjane, Motherboard
