A few moments ago, Jordan Wildon, a DW journalist, discovered that for some strange reason Google is indexing links to WhatsApp groups. This exposes both the conversations and the participants' information, such as their phone numbers and photographs, and it is even possible to start a conversation with them. That is, anyone can use a simple Google search to access groups that were supposed to be private, even in Mexico.
When a group is created in WhatsApp, a code is generated that is actually a link. In theory, this link should be private and available only to administrators so they can add interested members, but it is not. This is a severe security breach in WhatsApp, and the most serious part is that it had already been reported to Facebook in November 2019, as Android Authority points out.
A security flaw that allows anyone to join without problems
According to information published by Vice, all it takes is a search using the domain “chat.whatsapp.com” plus the topic of interest. This gives access to all kinds of “private” groups, ranging from porn (obviously) to NGOs, sales of articles, courses and whatever comes to mind.
At Xataka Mexico we ran the test and found groups of employees of Mexican companies, journalists, and even groups that organize to stop work in various cities.
As mentioned, in these groups we can see users' photographs, their telephone numbers and, in some cases, their contact information. Once there, it is enough to wait and the conversation starts to appear, without anyone having to approve our entry to the chat or limit our participation.
The only thing administrators can do is disable the link to the group. This will stop new people from joining but will not stop the group's public details from appearing on Google, since it only generates a new link that does not deactivate the original.
Speaking to The Verge, Alison Bonny, a Facebook / WhatsApp spokesperson, mentioned:
“Like all content that is shared on public search channels, invitation links published on the Internet can be found by other WhatsApp users. Links that users want to share privately with people they know and trust should not be published on a publicly accessible web page.”
Meanwhile, Danny Sullivan of Google declared, also to The Verge:
“Search engines like Google and others list the pages of the open web. That is what is happening here. It is no different from any case in which a site allows URLs to be publicly listed.”
This last point from Sullivan is the key: “open web pages”. The link generated for each WhatsApp group is open, without any protection from Facebook, a fault that should not exist if we are talking about a “private group”.
At Xataka Mexico we have contacted both Facebook / WhatsApp and Google in Mexico for more details on this topic. We will update the post if there is new information or a position from the companies.