WhatsApp security flaw lets experts scrape 3.5 billion user numbers


WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints.

The researchers were able to gather huge amounts of phone numbers, public profile photos, account status text, business tags, and information tied to end-to-end encryption keys.

Read more…
Source: TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Fitness app Polar exposed locations of spies and military personnel

    July 8, 2018

    A popular fitness app that tracks the activity data on millions of users has inadvertently revealed the locations of personnel working at military bases and intelligence services. The app, Polar Flow, built by its eponymous company Polar, a Finnish-based fitness tracking giant with offices in New York, allowed anyone to access a user’s fitness activities over ...

  • Fortnum & Mason data breach: 23,000 customers’ details accessed

    July 3, 2018

    The data of thousands of Fortnum & Mason customers, including addresses and contact phone numbers, has been accessed after a breach on a form on its website. The 310-year-old food shop, known as the “Queen’s grocer”, has become the latest company to fall victim to an attack. About 23,000 people who filled out a survey or took ...

  • Data Regulators See Spike In GDPR Complaints

    July 2, 2018

    Companies are seeing a sharp spike in requests for information on how their data is collected and processed following the introduction of the General Data Protection Regulation (GDPR) across Europe a month ago, with many requesting extensions to the legal deadline for their replies. The regulation has also shaken up the online advertising business, with some adtech firms ...

  • Adidas US breach may have exposed millions of customers’ personal info

    June 29, 2018

    Adidas warned late on Thursday that hackers may have lifted customer data from its US website. The sportswear maker said personal data, including contact information (addresses and email addresses), and encrypted passwords may have fallen into the hands of criminals, but was able to reassure customers that neither financial nor fitness information was at risk. Read more… Source: The Register  

  • Up to 40,000 British Ticketmaster users may have had their personal and payment details stolen by hackers

    June 27, 2018

    Ticketmaster UK have admitted British customers may have had their credit card data stolen in a security breach that could have affected up to 40,000 people. The company says it ‘identified malicious software’ on a third party product on Saturday, but did not reveal the breach until today. The firm said it disabled the software as soon ...

  • UK Tax Agency Collects 5.1M Biometric Voice IDs, May Violate GDPR

    June 24, 2018

    Her Majesty’s Revenue and Customs (HMRC) in the UK is under investigation by that country’s regulator over the collection of more than 5 million biometric voice IDs. The Information Commissioner’s Office (ICO) is investigating the tax agency’s practice, which may violate the recently implemented General Data Protection Regulation, following an official complaint from watchdog group Big ...