Massive Security Flaw Puts 3 Billion WhatsApp Users at Risk

Researchers have uncovered a major WhatsApp security failure that exposes the phone numbers of all 3.5 billion users. According to the team behind the discovery, the issue has been sitting out in the open for more than a year. The researchers downloaded every phone number tied to the platform, revealing how easily WhatsApp’s user database can be scraped and abused.

Details of the research is published on GitHub, revealing the security vulnerabilities that make the numbers on WhatsApp exposed to severe risks.

While Meta was informed of the vulnerability last year, the company did nothing about it, which has kept users of the platform and their data exposed.

A Privacy Breach That Should Not Be Possible

WhatsApp is known for giving the impression that users are protected with end-to-end encryption. However, the findings of this research reveal that there’s a lot more privacy issues than anyone can imagine.

According to the information, about 30% of users have provided information such as sexual orientation and/or political views in addition to their phone numbers, which can be used against them by the state or individuals.

Other users have also provided more details such as email addresses associated with government and military organizations, as well as clearly identifiable pictures.

With such information, bad actors can create fake identities to commit crimes that point back to innocent users, making it a major concern.

Meta’s Silence Is Making the Problem Worse

Security analysts warn that this flaw isn’t just a privacy issue, it’s a structural failure that could reshape how user data circulates on the dark web. Leaks of this scale have historically led to identity theft, SIM-swap attacks, phishing campaigns, blackmail attempts, and fraudulent accounts built using real people’s information.

Recently, there have been several incidents of bad actors stealing the personal information of victims and selling on the dark net.

The lack of response from Meta remains the most alarming part. Without a fix, the entire user base is effectively sitting inside a public directory that anyone with basic scraping tools can harvest. Security experts say the company must implement technical safeguards immediately or face one of the most damaging privacy incidents in its history.

For now, the numbers remain exposed, the vulnerability remains active, and Meta has yet to explain why.

More Must-Reads:

• Threads Puts Podcasters in the Spotlight With New Features
• Facebook Moves to End Likes and Comments on External Websites
• Tinder Wants to Check Your Photos to Make Match Recommendations