Home
Apps
Apps News
WhatsApp Security Flaw Exposed Billions of Phone Numbers: Details

WhatsApp Security Flaw Exposed Billions of Phone Numbers: Details

A group of researchers were able to extract 3.5 billion phone numbers and associated WhatsApp data.

Written by Akash Dutta, Edited by Ketan Pratap | Updated: 19 November 2025 19:27 IST

WhatsApp Security Flaw Exposed Billions of Phone Numbers: Details

Photo Credit: Unsplash/Mika Baumeister

Researchers said this is the most extensive exposure of phone numbers and profile data

Click Here to Add Gadgets360 As A Trusted Source

Highlights

Researchers checked a high volume of possible numbers on WhatsApp
They used automation to process these phone numbers
The researchers found that WhatsApp does not apply rate limits

WhatsApp's systemic flaw was exploited by a group of researchers to expose around 3.5 billion phone numbers and related account data. As per the study, the researchers took advantage of the fact that the Meta-owned platform does not apply any rate limits on showing profiles on a registered account, letting them process large datasets of possible phone numbers and checking if these numbers belonged to anyone. The researchers said this is the most extensive exposure of phone numbers and associated profile data ever documented, and in the wrong hands, could have led to a major security threat.

Researchers Expose 3.5 Billion WhatsApp Accounts

A team of researchers at the University of Vienna and SBA Research has uncovered a vulnerability in WhatsApp's contact-discovery system that enabled the enumeration of around 3.5 billion phone numbers and associated profile data. The research paper was published on GitHub and details their method, highlighting a critical security flaw in WhatsApp's system.

The method exploited the fact that WhatsApp allows users to upload a phone book and quickly see which contacts already have accounts. The researchers automated the process by systematically inserting large sets of possible phone numbers and recording whether each number was registered. Because the system did not enforce effective rate-limiting, they were able to check tens of millions of numbers per hour.

WhatsApp Finally Lets Beta Testers Try Multi-Account Support on iOS

Their analysis shows that for many of the discovered numbers, additional public metadata was available. Specifically, about 57 percent of the accounts had profile photos that were visible to “everyone,” and roughly 29 percent included text in the “About” field of the profile.

Interestingly, researchers also identified millions of accounts in countries where WhatsApp is banned. They found 2.3 million accounts in China, 1.6 million accounts in Myanmar, and about 60 million accounts in Iran by using phone-number ranges for those countries. “Phone numbers were not designed to be used as secret identifiers for accounts, but that's how they're used in practice,” a researcher was quoted as saying by Wired.

According to Wired, the researchers reached out to Meta to highlight the enumeration problem, which was then fixed by the company in October. Meta reportedly stated that the exposed information was “basic publicly available information” and that no message content or private data was accessed.

Comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: WhatsApp, Data Privacy, Study, Cybersecurity

Akash Dutta Email Akash Dutta

Akash Dutta is a Chief Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club - Chelsea, watching movies and anime, and sharing passionate opinions on food. More