Athul Jayaram, a cyber investigator, discovered that the phone numbers linked to WhatsApp accounts are publicly indexed in Google, creating what it considers a privacy problem for users.

Jayaram warns that There is a WhatsApp function called Click to Chat and warns that it puts users’ mobile phone numbers at risk., by allowing Google Search to index them so that anyone can find them.

Facebook, owner of WhatsApp, claims that it is not anything recorded and that the search results they only reveal what users have chosen to make public anyway. However, Jayaram said that they are leaked phone numbers and is convinced that this is a security error that puts the privacy of WhatsApp users at risk.

Click to Chat offers websites an easy way to start a WhatsApp chat session with website visitors. It works by associating a Quick Response (QR) code image (created through third-party services) to the WhatsApp mobile phone number of the site owner. This allows a visitor to scan the site’s QR code or click on a URL to start a WhatsApp chat session, without the visitor having to dial the number. However, that visitor still gets access to the phone number once the call starts.

So far everything seems, just, that it is something that is very controlled by Facebook, but Jayaram warns that those mobile numbers may appear in Google’s search results, since search engines index the Click to Chat metadata. So, the numbers are revealed as part of a url string: (https://wa.me/ < phone_number >) and therefore this filters the numbers of WhatsApp users.

According to the site the Threat Post, which released this news in recent days, the domain “wa.me” is owned and maintained by WhatsApp, according to WHOIS records and in an interview with Jayaram, the researcher explains :

“Your mobile number is visible in plain text at this URL, and anyone who takes the URL can know your mobile number. It cannot be revoked. ”

He argues that makes it easy for spammers to collect legitimate phone numbers to mount campaigns. Using a specially crafted search string from the https://wa.me/ domain, the researcher said he found that Google indexed 300,000 WhatsApp phone numbers.

Jayaram argues that because of this, Click to Chat presents a major security issue that could lead to abuse and fraud.

The computer scientist argues:

“As individual phone numbers are leaked, an attacker can send messages, call them, and sell their phone numbers to vendors, spammers, scammers.”

For its part, WhatsApp describes Click to Chat as an added benefit, which allows users to start a chat with someone without having their phone number saved in their phone’s address book. And Google agrees that it is not dangerous, but that if someone should delete that data, it is the webmaster, because they cannot do it even if they remove the information from the search controls.

Finally, Jayaram says that The best thing WhatsApp could do is encrypt this data to protect its users.. In addition, some people who use the messaging application told the media that they knew that their numbers were public and that they had done so in order to promote their business or, simply, their contact.

Do you consider this to be a privacy problem or not?