WhatsApp security: Thousands of links to groups still online

Social media outrage prompted the company to remove the links from Google's search results. However, a DW team has found proof that WhatsApp group information still remains widely available online.

Publicly-available internet archives continue to store WhatsApp group information, despite the removal of the links. DW journalists examined 427 of these links and found, among others, groups for school classes, medical trainees, political campaigns, businesses and sex workers.

DW further discovered that a group's title, description, image and creator's phone number could be viewed even without joining the group. Upon joining, it is possible to see phone numbers of up to 256 participants. Adding these numbers to one's contacts can reveal their names in the app.

In some cases, the group image looked to be amateur pornography or had suggestive titles, raising questions of consent. Also listed were potential terror groups and groups advertised as for sharing footage of "extreme" sexual content, including rape. A small number indicated that they were for child pornography

Reports of the flaw go as far back as 2016, when Mexican computer scientist Aurelio Cuautle found phone numbers listed in Google search results and informed WhatsApp. A Hyderabad-based security researcher, known as HackrzVijay on Twitter, says he reported the issue to Facebook in November 2019. In the emails, Facebook admitted that "the links being accessible by anyone was an intentional product decision," adding that "the surprise here was that they're indexed by Google."