The privacy breach was reported on Sunday. Invite links to private WhatsApp messaging groups as well as some user profiles were indexed by Google and appeared in search results, essentially meaning anyone was able to join supposedly secure chats and see both chats and related phone numbers.
The issue was promptly addressed by WhatsApp, and the exposed links have now vanished from search results. The problem appeared to have been similar to a privacy breach of chats and user information reported in early 2020.
In the company’s statement about the breach, it insisted the app’s security has been greatly improved since last year’s leak, and implied that users themselves had been to blame for the weekend’s Google spillover.
“Since March 2020, WhatsApp has included the ‘noindex’ tag on all deep link pages, which, according to Google, will exclude them from indexing,” it told Gadgets 360 oultet, urging users not to post invite links in any publicly accessible places to keep them well away from search engines.
Like all content that is shared in searchable public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.
The incident comes days after WhatsApp rolled out its new, highly controversial policy obliging users to share their private data with its parent company, Facebook, or to leave the platform if they did not consent. The company said the information collected would be used to “help operate, provide, improve, understand, customize, support, and market our services.” It acknowledged it monitors users’ content to “fight spam, threats, abuse, or infringement activities” and “improve” the WhatsApp experience.The controversial rules have triggered a mass exodus of users from the messenger, with its rivals – Telegram, as well as Signal – enjoying a consequent spike in popularity.