Private WhatsApp Groups have been accessible through Google Search
Are you part of a private group on WhatsApp? Do you know everyone in the group? How did they all join in? Did anyone use the “Invite to Group via Link” feature? Well, do a double check of everyone in your group. Make sure you know all of them, because as it has now been revealed, data on Private WhatsApp groups has for a long while now been exposed to Search Engines including Google. And Facebook, the company that owns WhatsApp, has been in the know.
Apparently, Google and other Search Engines, have been indexing these invite links from WhatsApp leading to the potential exposure of very many private groups’ metadata. Do note that not all groups have been exposed. The Invite Link has to have been shared somewhere online for the indexing to work. And no, this isn’t Google’s fault. It is Facebook’s.
First reported by DW journalist, the design flaw allowed chat.whatsapp.com URLs to be indexed on Google. A simple search using the “SITE:” modifier on Google, with some keywords, would lead you to some interesting groups. You could then simply click on the link, and join the group. And that way you could have details, and numbers, of everyone in the group.
WhatsApp, in a statement to VICE, has said:
Group admins in WhatsApp groups are able to invite any WhatsApp user to join that group by sharing a link that they have generated. Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.
Thousands of people private groups, and details can be accessed online, and the company is downplaying the issue. Remember, WhatsApp is one of the biggest platforms in the world. Millions of people use the platform for different things, some even for work and sensitive information.
This is something the company could have avoided by adding simple ‘tags’ to their links. A noindex request tag added to the links would tell Search Engines not to index these links.