WhatsApp fixes bug that leaked group chats on Google Search
WhatsApp had not included the robots.txt file for the 'chat.whatsapp.com' subdomain, which had led to the indexing of these groups and profiles, cybersecurity researcher Rajshekhar Rajaharia says.

The development comes at a time when WhatsApp is facing a backlash from its users over its new privacy policy and terms of service that seek to share more user data with parent Facebook. On Monday, ET reported that several Indian and multinational companies had started issuing advisories to staff, asking them to avoid sharing sensitive company information on WhatsApp and stop using the platform for critical business calls.
The bug, spotted by cybersecurity researcher Rajshekhar Rajaharia and first reported by Gadgets360, allowed users to join a private WhatsApp group and see its participants and phone numbers, along with updates shared within the group.
Rajaharia told ET that over 1,700 group invite links and more than 7,000 profiles were appearing in Google search results.
Some of these links led to groups sharing pornography, while others were for groups dedicated to specific interests or communities. These links are, however, no longer appearing in search results.
WhatsApp had not included the robots.txt file for the 'chat.whatsapp.com' subdomain, which had led to the indexing of these groups and profiles, he added.
Robots.txt is a global standard used by developers to instruct search engine crawlers as to which pages can or cannot be processed from their websites.
"Since March 2020, WhatsApp has included the 'noindex' tag on all deep link pages which, according to Google, will exclude them from indexing. We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time," a WhatsApp spokesperson said.
"Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website," the spokesperson added.
The issue first surfaced in 2019 due to a misconfiguration by the messaging app that enabled more than 470,000 group invite links to be indexed by search engines, as pointed out by prominent reverse engineer Jane Manchun Wong and fixed by the company last year.
A misconfiguration by WhatsApp enabled ~470k Group Invite links to be indexed by search engines
It should’ve been… https://t.co/BHtnVle3nO
— Jane Manchun Wong (@wongmjane)