A Twitter user discovered that the Google search engine shows links to private WhatsApp groups, admitting that anyone can join them or take their phone numbers. Journalist Jordan Wildon was the one who discovered and published on his Twitter account that a simple Google search can generate thousands of results from private WhatsApp groups, to which anyone can later join.
This happens because the search engine indexes the links with invitations to these groups, which generates that they become public and anyone who finds the link can join and access cell phone numbers and private conversations.
Because of this failure, the links are available on the web and can be shared outside the private security of the messaging service. Once the user joins the group through a specific Google search, they access all the phone numbers of their participants.
Administrators can invalidate the invitation link to chat to a group if they want but Wildon discovered that, in these situations, WhatsApp only generates a new link and does not disable the original. WhatsApp invitation groups come with warnings, reminding the person who generates the link to share it only with trusted people.
I checked a thousand WhatsApp groups online for security flaws, but what I found was details about everyone’s public and personal lives.
Under the expectation of privacy, people shared a lot of potentially dangerous information.https://t.co/4iC0ioyPXO
– Jordan Wildon (@JordanWildon) February 26, 2020
The spokeswoman for the courier, Alison Bonny, explained through an email that “Like all content that is shared on public search channels, invitation links that were publicly posted on the web, can be found by other WhatsApp users” He added that “the links that users want to share privately, with known and trusted people, should not be published on a publicly accessible website.”
Google did not want to make official statements on the matter but Danny Sullivan, in charge of Public Relations of the company, tweeted that “search engines such as Google and others list pages of the open web. This is what happened here. It is no different from any case where a site hosts public URLs. ”