It is pretty scary for any WhatsApp Group if their chats are exposed. It’s more about privacy than anything else. But here comes a surprise, Google Indexed WhatsApp Group Chat. Reported by Jordan Wildon@Twitter who discovered it said:
Your WhatsApp groups may not be as secure as you think they are. The “Invite to Group via Link” feature allows groups to be indexed by Google and they are generally available across the internet. With some wildcard search terms, you can easily find some… interesting… groups.
Google indexed WhatsApp Group Chat links
It raises a big question mark on WhatsApp security. According to Jane Manchun Wong, its happening because of misconfiguration by WhatsApp. It has enabled ~470k Group Invite links to be indexed by search engines. WhatsApp should’ve have used the Disallow with robots.txt or the No-index meta tag. It has resulted in Google indexing the WhatsApp group chats via the invite links, and it works even for the private group chats. All he did was some specific search based on “chat.whatsapp.com” URL, which is part of the invite created by WhatsApp. What I don’t get is if it’s based on the “device to device” encryption, how are the chats being indexed.
Motherboard investigated further, and they were able to retrieve phone numbers by joining a group that described itself as being for NGOs accredited by the United Nations. It’s no bummer because you can see it after joining, and invites are not password protected. Anybody with the link can join the group.
Here is what WhatsApp Spokesperson said to them:
“Group admins in WhatsApp groups are able to invite any WhatsApp user to join that group by sharing a link that they have generated. Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.
Well, there is nothing in the comment that we do not know but ist a big failure for WhatsApp allowing links to be discoverable. That should not have been possible on the first hand. WhatsApp has been earlier used by hackers to install malware using the call feature.
It looks like if WhatsApp has taken their course of action. If you search with site:chat.whatsapp.com, it doesn’t reveal anything.
Does this raise a concern for you? Will you be moving to another messenger that is more secure like Signal, Wire, Telegram, and anything similar?