Access private WhatsApp groups from Google

WhatsApp group administrators should be very careful when sharing their groups' invite links, since a stranger could end up in the group and see all the messages sent, photographs, phone numbers, and everything that happens afterwards.

Jordan Wildon, a journalist for Deutsche Welle, has discovered hundreds of thousands of private groups through the search engine thanks to public invitation links. After accidentally opening the CrowdTangle tool on the WhatsApp web tab, he found a list of links to groups shared online. That is how he realized that Google was indexing thousands of WhatsApp group invitation links.

Your WhatsApp groups may not be as secure as you think they are.

The “Invite to Group via Link” feature allows groups to be indexed by Google and they are generally available across the internet. With some wildcard search terms you can easily find some… interesting… groups.

– Jordan Wildon (@JordanWildon) February 21, 2020

A Facebook spokesperson explained to Motherboard that the administrators of a WhatsApp group can generate an invitation link for other members to join the group. When this link is shared on a publicly accessible website, search engines like Google can index it, which means that anyone can find and access it with a simple search.

Jane Manchun Wong, a specialist in reverse engineering, adds in a tweet that a simple Google search, made by typing the “site:” command in the browser, shows more than 470 thousand group invitation links.

Many of those links are to groups dedicated to ****, although links to groups of all kinds have been found. The downside of all this is that, because these links are public, anyone can join and see the participants' phone numbers, as well as photographs and any comments made in the group.

WhatsApp, owned by Facebook, has issued the following clarification:

Group admins in WhatsApp groups can invite any WhatsApp user to join that group by sharing a link they have generated. Like all content that is shared on public search channels, invitation links that have been published openly on the Internet can be found by other users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.

The Twitter user HackrzVijay discovered the problem in November and reported it seeking a reward, but a Facebook security employee replied that there was no problem. As he commented, it is intentional that WhatsApp invitation links are accessible to anyone, but it is surprising that they are being indexed by Google.

I reported to Facebook in early November

– HackrzVijay (@hackrzvijay) February 21, 2020