WhatsApp has resolved an issue wherein some of its private groups and user profiles were accessible on Google Search.
The bug, spotted by cybersecurity researcher Rajshekhar Rajaharia, Bug allowed users to join a private WhatsApp group, see their participants and phone numbers along with updates shared within the group.
Rajaharia tweeted over 1,700 group invite links and more than 7,000 profiles were appearing in Google search results.Some of these links led to groups sharing pornography, while others were for groups dedicated to specific interests or communities. These links are, however, no longer appearing in search results.
WhatsApp had not included the robots.txt file for ‘chat.whatsapp.com’ subdomain which had led to the indexing of these groups and profiles, he added.Robots.txt is a global standard used by developers to instruct search engine crawlers as to which pages can or cannot be processed from their websites.
Rajaharia also confirmed that bug has been fixed, but he doubts whether it was done by Google search or Whatapp.
Exclusive: @WhatsApp removed all of its group invite & profile links from @Google Search. Still not clear that Google removed these links or whatsapp approach Google to remove links. It is a quick action#Infosec #Privacy #Whatsapp #infosecurity #CyberSecurity #GDPR #DataSecurity pic.twitter.com/oo4VRBPs9b— Rajshekhar Rajaharia (@rajaharia) January 10, 2021
“Since March 2020, WhatsApp has included the “noindex” tag on all deep link pages which, according to Google, will exclude them from indexing. We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group.