Although WhatsApp is primarily a mobile app, currently being used by over 400 million users in India, some working professionals also use the instant chat app on their desktops and PCs via the Web version.
Independent cybersecurity researcher Rajshekhar Rajaharia on Friday shared some screenshots showing indexing of personal mobile numbers of WhatsApp users via Web version on Google Search.
"The leak is happening via WhatsApp on Web. If someone is using WhatsApp on laptop or on an office PC, the mobile numbers are being indexed on Google Search. These are mobile numbers of individual users not business numbers," Rajaharia told IANS.
Earlier this week, concerned at private group chat links being available on Google Search, WhatsApp said that it had asked Google not to index such chats and advised users not to share group chat links on publicly accessible websites.
Google had indexed invite links to private WhatsApp group chats, meaning anyone can join various private chat groups with a simple search. The indexed WhatsApp group chat links have now been removed from Google.
"Despite WhatsApp advising users and telling Google to remove the earlier exposed group chat links, the mobile numbers via WhatsApp Web application are now being indexed on Google Search," Rajaharia noted.
A WhatsApp spokesperson said in an earlier statement that since March 2020, WhatsApp has included the "noindex" tag on all deep link pages which, according to Google, will exclude them from indexing.
"We have given our feedback to Google to not index these chats. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website," the company spokesperson said.
The issue was first cropped up in February last year when app reverse-engineer Jane Wong found that Google has around 470,000 results for a simple search of "chat.whatsapp.com", part of the URL that makes up invites to WhatsApp groups.
According to Rajaharia, the latest leak of personal mobile numbers via WhatsApp on Web has not been addressed so far by the either Facebook-owned platform or Google.