WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints.
The researchers were able to gather huge amounts of phone numbers, public profile photos, account status text, business tags, and information tied to end-to-end encryption keys.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hacking train Wi-Fi may expose passenger data and control systems
May 11, 2018
Vulnerabilities on the Wi-Fi networks of a number of rail operators could expose customers’ credit card information, according to research from Pen Test Partners. The research was conducted over several years, said Pen Test’s Ken Munro. “In most cases they are pretty secure, although whether the Wi-Fi works or not is another matter,” he added. Read more… Source: ...
- Who leaked the idea of ASD spying on Australians, and why?
April 30, 2018
“Secret plan to spy on Aussies,” The Sunday Telegraph headlined the story. “Two powerful government agencies are discussing radical new espionage powers that would see Australia’s cyber spy agency monitor Australian citizens for the first time.” It was a “power grab” detailed in “top secret letters” proposing that the Australian Signals Directorate (ASD) be able to use its cyber ...
- Tech firms could face new EU regulations over fake news
April 24, 2018
EU security commissioner says new regulations may have to be brought in if tech firms fail to tackle issues voluntarily Brussels may threaten social media companies with regulation unless they move urgently to tackle fake news and Cambridge Analytica-style use of personal data before the European elections in 2019. The EU security commissioner, Julian King, said “short-term, ...
- New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia
April 23, 2018
Symantec has identified a new attack group dubbed Orangeworm deploying the Kwampirs backdoor in a targeted attack campaign against the healthcare sector and related industries. Symantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwampirs within large international corporations that operate within the healthcare sector in the United States, ...
- Millions of scraped public social net profiles left in open AWS S3 box
April 19, 2018
US social network data aggregator LocalBlox has been caught leaving its AWS bucket of 48 million records – harvested in part from public Facebook, LinkedIn and Twitter profiles – available to be viewed by anyone who stopped by. Security biz Upguard wandered by on February 18, and found the publicly accessible files in a misconfigured AWS ...
- Facebook moving 1.5 billion users away from GDPR protection
April 19, 2018
If a new European law restricting what companies can do with people’s online data went into effect tomorrow, almost 1.9 billion Facebook users around the world would be protected by it. But the online social network is making changes that ensure the number will be much smaller. Facebook members outside the United States and Canada, whether they ...

