There may be hidden risks to billions of WhatsApp accounts. According to a recent analysis, there are major security flaws in the privacy of the communications that hackers might take advantage of.
With merely their phone number, finding someone on WhatsApp is very simple for many users, and the frequency of searches appears to be limitless. However, according to a recent analysis, this has turned into a significant security flaw that leaves 3.5 billion users of the messaging program vulnerable to assault.
Big WhatsApp security risk
Through a study carried out between December 2024 and April 2025, security researchers at the University of Vienna in Austria found the vulnerability. The primary cause of the problem is WhatsApp’s long-standing built-in capability for locating and adding contacts.
In theory, the app will display whether a number has an account if you add it and then search it up. Additionally, anyone with an active phone number is able to send messages to public accounts and view the profile.
A program known as “libphonegen,” which creates combinations of account numbers from other nations that may be registered on WhatsApp, was used by the team to carry out this procedure.
They were able to produce 63 billion possible accounts and 100 million numbers each hour in their study. 3.5 billion accounts were taken out of those. Of these, 29% had written profiles with sensitive information including political and religious affiliations and links to other social media accounts, while 57% had their profile images made public.
The vulnerability Is alarming
The results show how this WhatsApp security vulnerability could be exploited by malevolent parties, including fraudsters and attackers. For example, the encryption in the messaging app is weakened since public and identification keys are reusable rather than unique. Attackers might intercept and decrypt messages if security was compromised.
The identical WhatsApp vulnerability was discovered in 2017, but Meta has not been able to fix the flaw.
Following the discoveries, Meta was contacted by the security research group. The company verified that it implemented system modifications in October that restrict the number of account searches that may be done within the app.
How to protect yourself
Users with public profiles, however, are still vulnerable because others can still read their profile images and text. Making their WhatsApp profile private is advised for those who are worried about security and privacy.
Additionally, Meta has added new security and privacy features. A monthly message cap and automatically muting calls and messages from strangers are two of these that are presently being testing.
