A study by a working group from the University of Vienna and SBA Research reveals a serious flaw in WhatsApp's privacy protections, through which data on as many as 3.5 billion accounts worldwide was exposed. According to the researchers, who describe it as the largest data leak in history, an attacker would not have needed to break into servers or even use Trojans, but could simply have used a feature already available in the instant messaging app.
According to Wired USA, the feature abused was "contact discovery", the function used when adding contacts through the WhatsApp web interface: you authorize the app to access your address book so that it can check which phone numbers are registered. By automating this check with software that sent around 100 million queries per hour, the research team obtained the phone numbers of 3.5 billion active users in 245 countries, and retrieved profile photos for 57% of them and status text for 29%.
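The enumeration the researchers describe works because a contact-discovery endpoint answers a membership question (is this number registered?) and, at the time, answered it an unbounded number of times per client. The following Python is an added illustration, not code from the researchers, Wired or Meta: a toy contact-discovery service over a constructed registry, a range sweep against it, and a per-client hourly lookup cap as one hypothetical mitigation. The real service's batch sizes, and the limits Meta later introduced, are not described on this page and are assumed here.

```python
import time
from collections import deque

# Constructed toy registry of "registered" numbers (hypothetical, not real data).
REGISTERED = {"+390000000001", "+390000000002", "+440000000003"}


class ContactDiscovery:
    """Toy model of a contact-discovery endpoint.

    lookup() takes a batch of phone numbers and returns the subset that is
    registered, which is exactly the oracle an enumeration sweep needs.
    max_lookups_per_hour=None models the unbounded behaviour described in the
    article; an integer models a per-client sliding-window cap (assumption).
    """

    def __init__(self, max_lookups_per_hour=None):
        self.max = max_lookups_per_hour
        self.window = {}  # client_id -> deque of (timestamp, lookups)

    def _allow(self, client_id, n, now):
        if self.max is None:
            return True
        q = self.window.setdefault(client_id, deque())
        # Drop entries older than one hour from the sliding window.
        while q and now - q[0][0] >= 3600:
            q.popleft()
        used = sum(count for _, count in q)
        if used + n > self.max:
            return False
        q.append((now, n))
        return True

    def lookup(self, client_id, numbers, now=None):
        now = time.time() if now is None else now
        if not self._allow(client_id, len(numbers), now):
            raise PermissionError("rate limit exceeded")
        return sorted(n for n in numbers if n in REGISTERED)


def enumerate_range(service, client_id, prefix, start, stop, batch=1000, now=0.0):
    """Sweep prefix+start..stop in batches of `batch` numbers.

    Returns (registered_numbers_found, lookups_completed, throttled).
    The sweep is the attacker's view: with no cap it walks the whole range,
    with a cap it stalls once the hourly budget is spent.
    """
    found, done = [], 0
    for lo in range(start, stop, batch):
        numbers = [f"{prefix}{i:010d}" for i in range(lo, min(lo + batch, stop))]
        try:
            found.extend(service.lookup(client_id, numbers, now=now))
        except PermissionError:
            return found, done, True
        done += len(numbers)
    return found, done, False


if __name__ == "__main__":
    open_service = ContactDiscovery()  # unbounded, as described in the article
    print("no cap  :", enumerate_range(open_service, "bot", "+39", 0, 100_000))
    capped = ContactDiscovery(max_lookups_per_hour=5_000)  # hypothetical cap
    print("with cap:", enumerate_range(capped, "bot", "+39", 0, 100_000))
```

The cap alone only slows a single client; a determined enumerator spreads requests over many accounts, so a real deployment would also key limits on device and IP and alert on sweeps that touch mostly unregistered numbers, which is what distinguishes enumeration from a genuine address-book sync.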
Public encryption keys were also recovered, though these are by design shareable and are not enough to decipher private messages, along with information about users' habits of using the app, so the data that could be acquired through the vulnerability was potentially very extensive.
The researchers' work, carried out between December 2024 and April 2025, was made public only after Meta had fixed the problem by introducing new and more robust limits aimed at better protecting user privacy. Of the 3.5 billion profiles exposed, 55,606,677 are Italian: Italy, 15th in the world ranking, is the European country with the most WhatsApp accounts.
“To the best of our knowledge, this is the largest exposure of phone numbers and related user data ever documented,” researcher Aljosha Judmayer told Wired USA. Meta, for its part, sought to minimize the impact of the flaw, describing the recovered data as “basic information available to the public”, since it is visible in the application itself if the account is among one's contacts.
“We found no evidence of malicious actors abusing this information,” WhatsApp's vice president of engineering, Nitin Gupta, told Wired USA. “We remind you that user messages remained private and secure thanks to WhatsApp's default end-to-end encryption, and no non-public data was accessible to researchers.”