WhatsApp group chats details leak on Google once again

WhatsApp group chats details leak on Google once again, resolved

Credit: AFP file photo.

A WhatsApp bug that first appeared in 2019, allowing people to gain access to group chats with a simple Google search, has resurfaced, a report by Gadgets 360 said.

The issue, which has since been patched out, involved indexing of WhatsApp group invites on Google search, according to cybersecurity researcher Rajshekhar Rajaharia. Before the issue was fixed, over 1,500 group invites were reportedly available on Google search pages.

The first time this happened was in 2019, when people learned that they could locate WhatsApp group chat invites with a simple Google search. At that time, over 4,70,000 group invite links were leaked. The error was fixed when WhatsApp updated the invites with the 'noindex' meta tag, removing them from Google's search.

A misconfiguration by WhatsApp enabled ~470k Group Invite links to be indexed by search engines

It should’ve been `Disallow`ed with robots.txt or with the `noindex` meta tag

thanks @JordanWildon for the tip https://t.co/CJxjJ5qyfh pic.twitter.com/FrW1I9Y8vs

— Jane Manchun Wong (@wongmjane) February 21, 2020

Another issue that propped up appears to allow Google to index user profiles, enabling anyone who searches for users to chat with them.

According to the report, over 5,000 user profiles were indexed by Google.

A WhatsApp spokesman said that the company has used the 'noindex' tag on all deep link pages since March 2020, which excludes them from listing on Google pages. The spokesman said that invite links that are posted publicly can be found by other WhatsApp users, and links that users wish to share privately should not be posted on a publicly-accessible website.

"Since March 2020, WhatsApp has included the "noindex" tag on all deep link pages which, according to Google, will exclude them from indexing. We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time.

Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.” – WhatsApp Spokesperson

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.

Get a round-up of the day's top stories in your inbox

Check out all newsletters

Get a round-up of the day's top stories in your inbox