All it takes is a simple Google search.
What you need to know
- WhatsApp group chats may be far less private than one would imagine.
- Invite links for private WhatsApp groups can be easily found via a Google Search, meaning anyone could potentially join a private chat.
- The issue likely stems from a mistake on WhatsApp's part.
A journalist for DW News this week tweeted out a grim warning: "Your WhatsApp groups may not be as secure as you think they are."
The reason for his concern? Invite links for WhatsApp groups are being indexed by Google's search engine, meaning that if a link to your private group exists anywhere on the internet, anyone could potentially find the link and join your group with just a quick Google search.
Doing so is as simple as typing in "site:chat.whatsapp.com" into the search bar on Google. Once you do, you can see that Google has indexed up to 470,000 such links, meaning hundreds of thousands of groups could potentially be accessible this way.Your WhatsApp groups may not be as secure as you think they are.
The "Invite to Group via Link" feature allows groups to be indexed by Google and they are generally available across the internet. With some wildcard search terms you can easily find some… interesting… groups.
— Jordan Wildon (@JordanWildon)
Admittedly, some of these links could have been intended for public sharing by their group administrators, but as discovered by
You can find groups belonging to NGOs and other organizations. Some of the indexed groups possibly also contain illegal material, with
WhatsApp has issued the following statement to Vice:
However, as app reverse-engineer Jane Manchun WongGroup admins in WhatsApp groups are able to invite any WhatsApp user to join that group by sharing a link that they have generated. Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.
The issue had been pointed out to Facebook's bug bounty program by a researcher