WhatsApp fixes flaw that displayed private group invites on Google search

One of invite links led to a private chat with NGOs accredited by the United Nations

WhatsApp has fixed a flaw that could have let people slip into private WhatsApp groups through Google search.

A journalist at German publication DW News noticed that Google was indexing around 470,000 WhatsApp group invites, which would have allowed anyone to enter a private chat.

Reverse engineer Jane Manchun Wong found that WhatsApp fixed the problem by removing the listings from Google and adjusting the code on chat invitation links.

Although most of the chats didn’t have sensitive information, Motherboard discovered that one of the group chats appeared to be for NGOs accredited by the United Nations. Motherboard entered the chat and was able to see a list of all 48 participants along with their phone numbers.

WhatsApp said that the links that appeared on Google search had been shared in searchable public channels. It said that users who want to keep their chats private should not share invitation links on publicly searchable sites.

Further, Google’s public search liaison tweeted that this instance was no different than other situations where websites allow links to be listed publicly.

This instance shows that in order to keep your private chats actually fully private, it’s important to remind every participant to never share invitations on public spaces.

Source: @wongmjane, Motherboard