WhatsApp security flaw lets experts scrape 3.5 billion user numbers


WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints.

The researchers were able to gather huge amounts of phone numbers, public profile photos, account status text, business tags, and information tied to end-to-end encryption keys.

Read more…
Source: TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • MyHeritage Says Over 92 Million User Accounts Have Been Compromised

    June 5, 2018

    MyHeritage, the Israel-based DNA testing service designed to investigate family history, has disclosed that the company website was breached last year by unknown attackers, who stole login credentials of its more than 92 million customers. The company learned about the breach on June 4, 2018, after an unnamed security researcher discovered a database file named “myheritage” ...

  • Facebook Accused of Giving Over 60 Device-Makers Deep Access to User Data

    June 4, 2018

    After being embroiled into controversies over its data sharing practices, it turns out that Facebook had granted inappropriate access to its users’ data to more than 60 device makers, including Amazon, Apple, Microsoft, Blackberry, and Samsung. According to a lengthy report published by The New York Times, the social network giant struck data-sharing partnerships with at least 60 device ...

  • GDPR: US news sites blocked to EU users over data protection rules

    May 25, 2018

    A number of high-profile US news websites are temporarily unavailable in Europe after new European Union rules on data protection came into effect. The Chicago Tribune and LA Times were among those posting messages saying they were currently unavailable in most European countries. The General Data Protection Regulation (GDPR) gives EU citizens more rights over how their ...

  • Facebook data on 3 million users reportedly exposed through personality quiz

    May 15, 2018

    Facebook data on more than 3 million people who took a personality quiz was published onto a poorly protected website where it could have been accessed by unauthorized parties, according to New Scientist. In a report exposing the potential leak, New Scientistsays that the data contained Facebook users’ answers to a personality trait test. While it didn’t include users’ ...

  • Telco intercepts should be expanded to OTT providers: AGD

    May 14, 2018

    The Attorney-General’s Department (AGD) has argued in favour of extending Australia’s telecommunications interception laws from telcos to over-the-top providers. Speaking before the Joint Committee on Law Enforcement on Friday, AGD Assistant Secretary Andrew Warnes said this expansion would help combat the “challenge of encryption”. Read more… Source:  

  • Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext

    May 13, 2018

    An important warning for people using widely used email encryption tools—PGP and S/MIME—for sensitive communication. A team of European security researchers has released a warning about a set of critical vulnerabilities discovered in PGP and S/Mime encryption tools that could reveal your encrypted emails in plaintext. What’s worse? The vulnerabilities also impact encrypted emails you sent in ...