July 19, 2026

Exposed: WhatsApp Flaw Unveils Billions of User Numbers, Is Your Privacy At Risk?

10 WhatsApp tips en tricks die je misschien nog niet kende 640w
Reading Time: 3 minutes

A team of Austrian researchers has reportedly found a way to extract the phone numbers of 3.5 billion WhatsApp users, leaving many to wonder if their own information has been compromised.

Method of Extraction

Any user can determine if a number is registered on WhatsApp by performing a simple search within the platform. If the number in question is associated with a WhatsApp account, the searcher will be privy to the account’s profile picture and user name. Scientists from the University of Vienna in Austria employed this very strategy to gather the phone numbers of 3.5 billion WhatsApp users.

In their search for vulnerabilities within WhatsApp’s end-to-end encryption system, the Austrian team discovered that the application lacked an important security measure known as rate-limiting protection. Such a feature would thwart the abuse of WhatsApp’s number-checking function. By exploiting this absence of protection, the team was able to obtain 30 million WhatsApp numbers registered in the U.S. within just 30 minutes. By the conclusion of their research, they had amassed the WhatsApp numbers of 3.5 billion users worldwide.

The extraction process was remarkably simple: the researchers merely altered the number sequence. In doing so, they could determine whether a number was registered on WhatsApp. Of the 3.5 billion users whose numbers were collected, approximately 57% had their privacy settings configured to display their profile picture to anyone. Given this, the researchers were able to easily collect these users’ profile pictures. They were also able to view the profile text of 29% of these users.

A Neglected Flaw

Interestingly, WhatsApp’s parent company, Meta, was alerted to this vulnerability in 2017 by a different team of researchers. Despite this, Meta failed to address the issue, meaning it remained straightforward to determine whether a number was registered on WhatsApp.

Earlier this year, the Austrian researchers brought their findings to Meta’s attention, emphasizing the severity of the security risk this flaw presents to WhatsApp users. Their concern is that malicious entities could exploit this loophole to obtain photos and phone numbers of a significant number of WhatsApp users.

Fortunately, in October of this year, Meta finally implemented a stricter rate-limiting measure on WhatsApp. This has ensured that such large-scale contact discovery is no longer feasible on the platform. The researchers have securely deleted their database containing the extracted phone numbers and associated data.

Other messaging platforms, such as Signal, already incorporate rate-limiting protection. This means that mass-scale contact discovery, like what previously occurred on WhatsApp, is not possible on these platforms.

Previous Security Breaches

This is not the first instance of Meta’s apps coming under scrutiny due to security flaws. Last year, a database containing information on 530 million Facebook users was publicly leaked online. Intriguingly, bad actors exploited a vulnerability akin to the one found in WhatsApp, accessing data by utilising Facebook’s feature that allows users to search profiles by entering a phone number. This allowed them to scrape the personal data of 530 million users.

WhatsApp may have its benefits, such as being free, supporting end-to-end encryption and accommodating group video calls. However, after learning of its security flaws and data collection practices, some users are considering alternatives. Platforms like Signal, which collects minimal data and provides advanced privacy features, are becoming increasingly popular.

Questions & Answers

What are the implications of the Austrian researchers’ findings?

The research highlights a major flaw in WhatsApp’s security system. This loophole could potentially be exploited by cyber criminals to extract photos and phone numbers of a large number of WhatsApp users.

Has this flaw been addressed?

Meta, WhatsApp’s parent company, has taken measures to rectify this flaw. In October of this year, a stricter rate-limiting measure was applied to WhatsApp, preventing such extensive contact discovery from taking place.

What alternatives exist for WhatsApp users concerned about security?

Signal is one such alternative. The platform already has rate-limiting protection in place, and it collects almost no data from users. It also offers advanced privacy features, such as concealing your IP address during calls, and preventing others from taking screenshots of your conversations.

Share it:
NAORA V4 970x250

Must reads:

Behind the Buzz
Retail News Asia — Your Daily Fix of What’s Happening in Asian Retail

We’re here to keep you in the loop—every single day. Whether you’re running a small local shop, scaling an online biz, or part of a global brand making moves in Asia, we’ve got something for you.

With 50+ fresh stories a week and 13.6 million readers, Retail News Asia isn’t just another news site—it’s the go-to source for all things retail across the region.
Retail Kitchen
We respect your inbox as much as we value your time. That’s why we only send carefully curated weekly updates, packed with the most relevant news, trends, and insights from the retail industry across Asia and beyond.
Copyright © 2014 -2026 |
Redwind BV