Researchers discovered a massive data leak involving 3.5 billion WhatsApp accounts through abuse of an API lacking rate limiting, exposing personal information worldwide. WhatsApp responded by adding protections, but the incident highlights a common vulnerability in unprotected APIs exploited by threat actors.
Key points
- Researchers collected 3.5 billion active WhatsApp numbers using an unprotected API.
- The API allowed high-volume queries, enabling large-scale enumeration without restrictions.
- Data included profile photos, status, device info, and even identifiable faces from profile images.
- Similar API vulnerabilities have been exploited on platforms like Facebook, Twitter, and Dell.
- WhatsApp and other platforms have since implemented rate-limiting to prevent such abuse.
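
The rate limiting mentioned above can be keyed to the enumeration signal itself. The following is an added example, not code from the article or from WhatsApp: a sliding-window guard that caps how many distinct phone numbers one client may look up, replayed over a constructed request log. The class name, function names, thresholds and log entries are all assumptions made for illustration.

```python
from collections import defaultdict, deque


class LookupEnumerationGuard:
    """Hypothetical guard: cap the DISTINCT numbers a client looks up per window.

    Assumption: repeat lookups of already-seen numbers (address-book re-sync)
    are benign, while a stream of new numbers is the enumeration signal.
    """

    def __init__(self, max_distinct, window_seconds):
        self.max_distinct = max_distinct
        self.window = window_seconds
        self._events = defaultdict(deque)  # client -> deque of (ts, number)
        self._counts = defaultdict(dict)   # client -> {number: hits in window}

    def _expire(self, client, now):
        # Drop lookups that have slid out of the window.
        events, counts = self._events[client], self._counts[client]
        while events and events[0][0] <= now - self.window:
            _, old = events.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]

    def allow(self, client, number, now):
        self._expire(client, now)
        counts = self._counts[client]
        if number not in counts and len(counts) >= self.max_distinct:
            return False  # new target beyond the budget: reject (e.g. HTTP 429)
        self._events[client].append((now, number))
        counts[number] = counts.get(number, 0) + 1
        return True


def replay(log, max_distinct=3, window_seconds=60):
    """Run (timestamp, client, number) records through a fresh guard."""
    guard = LookupEnumerationGuard(max_distinct, window_seconds)
    return [guard.allow(client, number, ts) for ts, client, number in log]


# Constructed sample log: (timestamp in seconds, client id, number looked up).
SAMPLE_LOG = [
    (0, "client-A", "+15550000001"),
    (1, "client-A", "+15550000002"),
    (2, "client-A", "+15550000003"),
    (3, "client-A", "+15550000004"),   # 4th distinct number in window: denied
    (4, "client-A", "+15550000001"),   # repeat of a known number: allowed
    (5, "client-B", "+15550000009"),   # budgets are per client
    (70, "client-A", "+15550000005"),  # earlier lookups expired: allowed
]
```

In a real deployment the client key would have to be something an unauthenticated caller cannot rotate cheaply, and the per-client state would live in a shared store rather than in process memory.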