Overview
- Researchers from the University of Vienna and SBA Research exploited WhatsApp’s contact discovery to query over 100 million phone numbers per hour.
- The team confirmed more than 3.5 billion active accounts and, where available, retrieved profile photos, About texts, public keys and timestamps.
- Meta says it has closed the server‑side weakness after the disclosure, and the researchers report they deleted the data and accessed no encrypted messages.
- The dataset revealed millions of active users in countries where WhatsApp was banned at the time, including about 2.3 million in China, 60 million in Iran, 1.6 million in Myanmar and five in North Korea.
- Public fields and images created doxxing and fraud risks, and the researchers found many numbers from the 2021 Facebook leak still active on WhatsApp.