WhatsApp security flaw lets experts scrape 3.5 billion user numbers - here's what we know, and how to stay safe

• WhatsApp has 3.5 billion active accounts exposed to metadata scraping risks globally
• Contact-discovery flaw allowed enumeration of phone numbers at a massive global scale
• Millions of encryption keys were reused across accounts, undermining security assumptions

WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery.

A study by researchers at the University of Vienna revealed the app's contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints.

The researchers were able to gather huge amounts of phone numbers, public profile photos, account status text, business tags, and information tied to end-to-end encryption keys.