Discussion
Tuta
@Tutanota@mastodon.social  ·  activity timestamp last month

🚨 3.5 billion users: Entire WhatsApp directory publicly accessible

Source: https://www.theregister.com/2025/11/19/whatsapp_enumeration_flaw/

Here are our best #WhatsApp alternatives: https://tuta.com/blog/best-whatsapp-alternatives-privacy

Conclusion: Choose #Signal

meduz'
@meduz@m.nintendojo.fr replied  ·  activity timestamp last month

@Tutanota “To our surprise, neither our IP address nor our accounts have been blocked by WhatsApp. Moreover, we did not experience any prohibitive rate-limiting. With our query rate of 7,000 phone numbers per second (and session), we could confirm 3.5 billion phone numbers registered on WhatsApp”

😐

DataBoySu
@oneinrandomforest@mastodon.social replied  ·  activity timestamp last month

@Tutanota Yes, but it's also only the names and profile pictures.
Unfair to claim it as leak since most of it is online anyway

Giorgio Maone 🚫✊🧅
@ma1@todon.eu replied  ·  activity timestamp last month

@Tutanota

Hatemonger
@civ_downfall@mastodon.social replied  ·  activity timestamp last month

@Tutanota No offense. This seems to be pretty fuddy to me. The data that "leaked" was just the public data, like phone number, status text, pfp, etc.

Don't put anything you don't want public on a social media platform.

hi_daniel
@hi_daniel@mastodon.social replied  ·  activity timestamp last month

@Tutanota I’m not sure if I’m misunderstanding the article, but couldn’t you also do this exploit in Signal, since it has a look-up-by-phone-number option? I guess the main concern is the lack of rate limiting, but this could also be bypassed. The real lesson is that if you want privacy you shouldn’t dox yourself in your accounts.

ĞÖKÜ👻👻™
@GOKUSHRM@mastodon.social replied  ·  activity timestamp last month

@Tutanota #molly #session are the best alternatives to WhatsApp 😁

ĞÖKÜ👻👻™
@GOKUSHRM@mastodon.social replied  ·  activity timestamp last month

@Tutanota https://www.youtube.com/watch?v=AUKIEECSKSU

a//:🐙
@alphaville@infosec.exchange replied  ·  activity timestamp last month

@Tutanota one day you unwrap() what you shouldn't have, another day you again unwrap what you shouldn't have. What should I do with you bigtech?
#cloudflare #whatsapp #bigtech

Héctor Rosales
@hdrc@mastodon.social replied  ·  activity timestamp last month

@Tutanota I would rather choose #DeltaChat

It was proven that #Signal uses Amazon's servers, so that if they suffer a collapse, messaging would be out of service.

Winston Smith
@dm29@mastodon.social replied  ·  activity timestamp last month

@Tutanota mmm... Kudos to @signalapp for their work, but they should move their servers outside the US; otherwise there are crucial factors out of their control, I'm afraid.

Joe Cardillo (they/them)
@joecardillo@federate.social replied  ·  activity timestamp last month

@Tutanota Wild stuff for a tech company that talks a big game about privacy

Also it took them a year to fully address?!

"He also pointed to the disclosure timeline, as set out in the paper, and how it took Meta nearly a year to provide a meaningful response to the numerous tickets they raised throughout the research process."
