WhatsApp API Blunders: How 3.5 Billion Numbers Were Scooped Up Faster Than Free Wi-Fi
Researchers discovered a staggering 3.5 billion WhatsApp accounts by abusing an API with as much resistance as a wet paper bag. With the lack of security exposed, WhatsApp has since added rate-limiting protections. The incident highlights how unprotected APIs are like open buffets for data-hungry threat actors.

Hot Take:
Who knew WhatsApp would double as a buffet for data scrapers? It’s like a never-ending happy hour for hackers, minus the cheesy nachos. Props to the researchers for finding the “All You Can Eat” sign before the cybercriminals did. So while WhatsApp forgot to put a lid on their data potluck, these researchers were there to remind them—before it turned into the world’s biggest digital potluck nightmare.
Key Points:
- Researchers exploited WhatsApp’s contact-discovery API, scraping 3.5 billion phone numbers.
- WhatsApp has since implemented rate limiting to curb API abuse.
- The study highlighted WhatsApp’s global usage, with India leading the pack.
- Researchers accessed additional user data like profile photos and “about” text.
- API vulnerabilities remain a widespread issue, affecting other platforms like Facebook and Twitter.
