WhatsApp security flaw lets experts scrape 3.5 billion user numbers


WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints.

The researchers were able to gather huge amounts of phone numbers, public profile photos, account status text, business tags, and information tied to end-to-end encryption keys.

Read more…
Source: TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • UK Government To Seek Post-Brexit EU Data Protection Agreement

    March 5, 2018

    Tech firms said they welcome the government’s latest data protection plans, which could see an ongoing EU-level role for Britain’s information commissioner UK technology ndmpanies have welcomed a commitment by the government to seek a broader role for Britain in the ongoing development of European data protection policy after exit from the European Union, as laid out in ...

  • Your Location Data Is Being Sold – Often Without Your Knowledge

    March 4, 2018

    As location-aware advertising goes mainstream – like that Jack in the Box ad that appears whenever you get near one, in whichever app you have open at the time—and as popular apps harvest your lucrative location data, the potential for leaking or exploiting this data has never been higher. It’s true that your smartphone’s location-tracking capabilities ...

  • Equifax hack just got worse for a lot more Americans

    March 2, 2018

    Equifax has confirmed more Americans are impacted by the cyberattack that targeted the credit rating giant last year than was first revealed. The company said in a statement Thursday that an ongoing analysis showed 2.4 million more Americans had their names and partial drivers’ license information stolen, but they were not previously thought to have been affected. The company ...

  • Unsecured server exposed thousands of FedEx customer records

    February 15, 2018

    FedEx has exposed private information belonging to thousands of its customers after a legacy server was left open without a password. The discovery was made by security researchers at the Kromtech Security Center, which posted details of the exposure alongside ZDNet. The data, hosted on a password-less Amazon S3 storage server, was secured Tuesday after efforts were made ...

  • Equifax Lost Even More Information on Consumers Than It Told the Public

    February 14, 2018

    Confidential documents filed with the US Senate Banking Committee suggest that Equifax could have lost considerably more personal information about over 145 million Americans to hackers than it’s publicly let on, CNN Money reported. While Equifax had disclosed that names, dates of birth, and Social Security numbers might have been compromised, as well as some drivers’ license ...

  • German court rules Facebook’s use of personal data ‘illegal’

    February 13, 2018

    A German consumer rights group has said that a court had found Facebook’s use of personal data to be illegal because the US social media platform did not adequately secure the informed consent of its users. The verdict, from a Berlin regional court, comes as Big Tech faces increasing scrutiny in Germany over its handling of sensitive personal data that enables ...