
WhatsApp API Flaw Exposes 3.5 Billion Phone Numbers to Scraping
Researchers exploited a vulnerability in WhatsApp's contact discovery API, which lacked rate limiting, to scrape 3.5 billion phone numbers and associated personal information. This flaw allowed unrestricted data collection, highlighting a significant security oversight in WhatsApp's API. The exposure of such a vast amount of personal data poses serious privacy risks, including potential phishing and smishing attacks. This incident underscores the critical need for robust API security measures, such as rate limiting, API keys, OAuth, and IP whitelisting. Organizations should review their APIs for similar vulnerabilities and implement comprehensive monitoring to detect unusual activity. Users should remain vigilant about sharing personal information and be aware of potential phishing attempts. This vulnerability serves as a stark reminder that even widely used applications can have significant security flaws, emphasizing the importance of regular security audits and testing.
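
As an added illustration (not code from WhatsApp or the researchers), the following example shows a rate limit for a contact discovery endpoint that budgets phone numbers checked per client rather than requests, and records clients that hit the ceiling so monitoring can pick them up. The class and function names, the limits, the client identifiers and the log records are all assumptions constructed for this example.

```python
# Added example: hypothetical names and limits, constructed sample traffic.
import time
from collections import defaultdict, deque


class LookupBudget:
    """Sliding-window budget on phone numbers checked per client.
    Counts numbers, not HTTP requests, because one batched contact
    discovery request can test many numbers at once (assumption)."""

    def __init__(self, max_numbers, window_seconds):
        self.max_numbers = max_numbers
        self.window = window_seconds
        self._events = defaultdict(deque)   # client_id -> (timestamp, count)
        self._used = defaultdict(int)       # client_id -> numbers in window
        self.flagged = set()                # clients that hit the ceiling

    def _expire(self, client_id, now):
        events = self._events[client_id]
        while events and events[0][0] <= now - self.window:
            _, count = events.popleft()
            self._used[client_id] -= count

    def allow(self, client_id, numbers, now=None):
        """Return True if the batch fits the client's remaining budget."""
        now = time.monotonic() if now is None else now
        self._expire(client_id, now)
        count = len(set(numbers))           # duplicates in one batch count once
        if self._used[client_id] + count > self.max_numbers:
            self.flagged.add(client_id)     # hand off to monitoring/alerting
            return False
        self._events[client_id].append((now, count))
        self._used[client_id] += count
        return True


def replay(log, budget):
    """Replay (timestamp, client_id, numbers) records; count denials per client."""
    denied = defaultdict(int)
    for ts, client_id, numbers in log:
        if not budget.allow(client_id, numbers, now=ts):
            denied[client_id] += 1
    return dict(denied)


# Constructed sample traffic: one address-book sync and one bulk-lookup client.
SAMPLE_LOG = [(0, "phone-a", [f"+1555010{i:04d}" for i in range(200)])]
SAMPLE_LOG += [(t, "client-b", [f"+1555{t:03d}{i:04d}" for i in range(500)])
               for t in range(1, 11)]
```

With a budget of 1,000 numbers per hour, the address-book sync passes untouched while the bulk-lookup client is cut off after its second batch and lands in `flagged`.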