Overview
- University of Vienna and SBA Research showed WhatsApp’s contact lookup could be queried at more than 100 million numbers per hour, confirming active accounts across 245 countries.
- Accessible information included phone numbers, public encryption keys, timestamps, and any publicly set profile photos and About texts, enabling inferences about device OS, account age, and linked devices.
- The study found millions of accounts tied to numbers in countries where WhatsApp was or is restricted, including China (2.3 million), Iran (60–67 million), Myanmar (1.6 million), and North Korea (5).
- Researchers observed broad exposure of profile elements, with 57% of users having public photos and roughly 30% filling in the About field; they also collected 77 million publicly visible U.S. profile images for analysis.
- Meta credited the findings under its Bug Bounty program, implemented stricter rate limits and anti-scraping defenses, affirmed that end‑to‑end encrypted chats were not accessed, and noted the researchers deleted the dataset.