WhatsApp groups are showing up on Google search all over again. As a result, anyone could discover and join a non-public WhatsApp group by simply searching on Google. This was first discovered in 2019, and was apparently fixed in the year 2020 after becoming public. Another old issue, which also seemed to have been fixed but seems to be cropping up again, is user profiles exposure through search results. People’s mobile phone numbers and profile pictures can also be surfaced through a simple and easy Google search, due to the issue.
By allowing the indexing of group chat invites, WhatsApp is making several private groups available across the online as their links may be accessed by anyone using a simple search query on Google — although we aren’t sharing the precise details, this was verified by top websites. Someone who finds these links can join the groups and would even be ready to see the participants and their phone numbers alongside the posts being shared within those groups…
Cybersecurity researcher Rajshekhar Rajaharia informed news channels about the indexing of WhatsApp group chat invites on Google. The indexing appears to possess started again quite recently. At the time of writing this news, there were more than 1,500 WhatsApp group invite links available in your search results.
Some of the links indexed by Google result in WhatsApp groups sharing porn. In an exceedingly few other cases, there were links to WhatsApp groups dedicated to specific community or interest. Techbenzy also found groups sharing messages for Bangla and Marathi users. With the links, people that weren’t invite could easily join the groups.
This isn’t the first time that this issue went on. In November 2019, WhatsApp group chat invites initially found on Google search results. A security researcher reported the problem to Facebook. Though it absolutely was resolved soon after it was covered by several news outlets in February 2020.
Jane Manchun Wong, a Reverse engineer reported that WhatsApp had evidently fixed group chat indexing by adding the ‘noindex’ meta tag on the chat invite links. However, the new connections do include the noindex meta tag.
The group chat links exposed in 2019 time don’t seem to be visible on Google, so this could be a different issue resulting in similar results, or a change that unintentionally brought back an old problem.
Rajaharia told to the news channel that WhatsApp had excluded the robots.txt file especially for chat.whatsapp.com subdomain that led to indexing of group chat invites on Google and other search engines. Web developers ordinarily use a robots.txt file to inform search engine crawlers which files or pages they may crawl and which they should not for indexing.
WhatsApp making user profiles public on Google
Alongside group invite links, WhatsApp seems to own allowed Google again to index user profiles to let anyone chat with a user or examine their profile picture.
By searching for country codes on WhatsApp’s domain, the URLs of peoples profiles might be surfaced, including phone numbers and profile pictures. This issue perceived to are fixed by WhatsApp in June last year — the company had not issued an announcement at the time but multiple reports had also confirmed this.
Techbenzy found that the same as the group chat invites indexing, WhatsApp user profiles are again accessible on Google for the previous couple of hours. The search engine already indexed more than 5,000 profile links. Some links also result in the users who have enabled their profile pictures and statues to anyone on the messaging app.
Rajaharia, a cybersecurity researcher discovered the indexing of WhatsApp user profiles on Google search results. He noticed that similar to the group chat invites, there’s no particular robots.txt file for the api.whatsapp.com subdomain to inform program/search engine crawlers to not crawl its related links.
You may also like: