Feed aggregator
WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
WhatsApp’s effortless contact discovery—the feature that lets anyone plug in a phone number and instantly see if it belongs to a user—has long been touted as part of its appeal. But, Wired.com reports, the same mechanism that makes onboarding simple also created an enormous privacy gap: cycling through every possible number worldwide allowed researchers to gather the phone numbers of nearly every WhatsApp user on the planet, along with profile photos and public text for many of them.
A team from Austria demonstrated that by repeatedly querying WhatsApp’s contact system through the web interface, they were able to retrieve 3.5 billion phone numbers tied to WhatsApp accounts. For 57 percent of those numbers, the researchers could also view profile photos; for 29 percent, they could read public “about” text. They accomplished this because Meta had imposed no practical limit on how many lookups they could perform, allowing them to sweep through roughly 100 million numbers per hour.
The scale of the exposure stunned the researchers, who wrote that the trove of information would have constituted “the largest data leak in history, had it not been collated as part of a responsibly conducted research study.” One of the authors, Aljosha Judmayer, noted, “To the best of our knowledge, this marks the most extensive exposure of phone numbers and related user data ever documented.”
Meta was notified in April, and the researchers deleted all 3.5 billion numbers they had collected. By October, WhatsApp had implemented new rate limits to prevent such mass scraping from recurring. But until the fix was put in place, the researchers warn, anyone else could have performed the same type of data sweep. As Max Günther put it, “If this could be retrieved by us super easily, others could have also done the same.”
In a statement to WIRED, Meta thanked the researchers and emphasized that users who had set their privacy options to restrict their profiles remained protected. “We had already been working on industry-leading anti-scraping systems, and this study was instrumental in stress-testing and confirming the immediate efficacy of these new defenses,” wrote WhatsApp engineering vice president Nitin Gupta. He added, “We have found no evidence of malicious actors abusing this vector. As a reminder, user messages remained private and secure thanks to WhatsApp’s default end-to-end encryption, and no non-public data was accessible to the researchers.”
The researchers, however, say that they never encountered the “defenses” Meta referenced—pointing out that this isn’t the first time WhatsApp has been warned. In 2017, Dutch researcher Loran Kloeze demonstrated that the same enumeration technique could reveal numbers, profile pictures, and online status. At the time, Meta (then Facebook) argued the platform was functioning as designed and told him he did not qualify for a bug bounty.
Asked by WIRED what protections were implemented in the years that followed, Meta asserted that evolving measures—including rate-limiting and machine-learning systems to detect scrapers—had been deployed. Yet the University of Vienna researchers not only reproduced Kloeze’s discovery, they expanded it dramatically by enumerating all 3.5 billion global accounts. They also analyzed how many users publicly exposed personal information, with 44 percent of the 137 million identifiable American numbers showing profile photos and 33 percent including visible “about” text.
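The mechanism the article describes, as an added example (not WhatsApp's code and not the Vienna team's tooling): a toy "is this number registered?" endpoint that a single client sweeps in full when no limit exists, and the same sweep against a per-client sliding-window rate limit. The service, the client identifier, the `+1555` block and the registered population are all constructed for illustration.

```python
"""Simulated contact-discovery enumeration, with and without a rate limit.

Added example, not WhatsApp's code or the researchers' tooling. The
service, the client id and the toy number space are assumptions; the
point is to show how an unlimited lookup endpoint lets one client sweep
an entire block, and how a per-client sliding-window limit bounds what
that one client can learn.
"""
from collections import deque
import random


class LookupService:
    """Toy 'is this number registered?' endpoint (hypothetical).

    registered: phone numbers (strings) that have an account.
    limit/window_s: allow at most `limit` lookups per client per window;
    limit=None disables limiting, i.e. the pre-fix behaviour.
    """

    def __init__(self, registered, limit=None, window_s=3600):
        self.registered = set(registered)
        self.limit = limit
        self.window_s = window_s
        self._history = {}  # client_id -> deque of request timestamps

    def lookup(self, client_id, number, now):
        """Return True/False for membership, or None if rate-limited."""
        if self.limit is not None:
            q = self._history.setdefault(client_id, deque())
            while q and now - q[0] >= self.window_s:  # expire old requests
                q.popleft()
            if len(q) >= self.limit:
                return None
            q.append(now)
        return number in self.registered


def enumerate_block(service, client_id, prefix, digits, rate_per_s):
    """Walk every number under `prefix` with `digits` trailing digits.

    Returns (found, blocked): numbers confirmed registered, and how many
    lookups the limiter refused. `rate_per_s` is the scraper's own request
    rate and only advances a simulated clock.
    """
    found, blocked = [], 0
    for i in range(10 ** digits):
        number = f"{prefix}{i:0{digits}d}"
        result = service.lookup(client_id, number, now=i / rate_per_s)
        if result is None:
            blocked += 1
        elif result:
            found.append(number)
    return found, blocked


def make_registry(prefix, digits, fraction, seed=1):
    """Constructed population: a random `fraction` of the block is registered."""
    rng = random.Random(seed)
    return {f"{prefix}{i:0{digits}d}"
            for i in range(10 ** digits) if rng.random() < fraction}


def compare(prefix="+1555", digits=4, fraction=0.3, limit=100, rate_per_s=1000):
    """Sweep the same block against an unlimited and a rate-limited service."""
    registry = make_registry(prefix, digits, fraction)
    open_svc = LookupService(registry)
    limited = LookupService(registry, limit=limit, window_s=3600)
    found_open, _ = enumerate_block(open_svc, "scraper", prefix, digits, rate_per_s)
    found_lim, blocked = enumerate_block(limited, "scraper", prefix, digits, rate_per_s)
    return {
        "registered": len(registry),
        "found_without_limit": len(found_open),
        "found_with_limit": len(found_lim),
        "blocked_with_limit": blocked,
    }


if __name__ == "__main__":
    print(compare())
```

Against the unlimited service the scraper recovers every registered number in the block; with a limit of 100 lookups per hour it learns at most 100 numbers and the remaining 9,900 requests are refused. The caveat a practitioner should keep in mind is that a per-client limit bounds one identity only: a scraper with many accounts gets many times the budget, which is why the page's mention of machine-learning scraper detection matters. Aggregate signals such as sequential number patterns and a low hit rate across many clients are what catch a distributed sweep.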
In countries where WhatsApp permeates daily life, even higher percentages left profile photos open. The researchers collected nearly 750 million Indian numbers, 62 percent with photos visible, and 206 million Brazilian numbers, 61 percent displaying profile images publicly.
Their discovery came accidentally last year when they were studying other aspects of WhatsApp’s metadata. They noticed the absence of rate limits and tried enumerating US phone numbers. Within 30 minutes, they had gathered 30 million. “So we were kind of surprised. And then we just kept going,” recalls researcher Gabriel Gegenhuber.
Such a dataset would be invaluable to spammers, scammers, and criminal operations. But the implications extend beyond nuisance calls. The researchers identified millions of WhatsApp accounts registered in countries where the platform is banned—2.3 million numbers in China and 1.6 million in Myanmar. Governments hostile to WhatsApp could have used the same enumeration technique to identify and potentially target citizens using the app illegally. Reports have suggested that in China, some Muslims have been detained simply for having WhatsApp installed.
The Vienna team also examined the public identity keys that WhatsApp serves for each account, the keys used to set up its end-to-end encryption. They found an unexpected problem: many accounts shared an identical public key. In some cases, hundreds of users were tied to the same key, and 20 US numbers even had an all-zero public key. The researchers suspect that these anomalies point to unauthorized or modified WhatsApp clients, possibly used by scam networks whose tools break standard encryption behavior.
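The kind of check behind that finding, as an added example rather than the researchers' analysis code: group a listing of account-to-key records by key, flag any key held by more than one account, and flag all-zero keys. The record format (E.164 number, hex-encoded 32-byte key) and all sample records are constructed; WhatsApp's actual key encoding is not assumed.

```python
"""Spot shared and all-zero public keys in an account-to-key listing.

Added example, not the researchers' analysis code. The 'number,hexkey'
record format and every sample record are constructed for illustration.
"""
from collections import defaultdict

KEY_LEN = 32  # X25519 public keys are 32 bytes

# Constructed sample listing: two accounts share one key, one account has
# an all-zero key, and one record is malformed (16 bytes instead of 32).
SAMPLE_LISTING = "\n".join([
    "+15550100001," + "a1" * 32,
    "+15550100002," + "b2" * 32,
    "+15550100003," + "a1" * 32,   # same key as +15550100001
    "+15550100004," + "00" * 32,   # all-zero key
    "+15550100005," + "c3" * 32,
    "+15550100006," + "d4" * 16,   # wrong length
])


def parse_listing(text):
    """Return ([(number, key_bytes)], [malformed_lines]) from the listing."""
    records, malformed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            number, hexkey = line.split(",", 1)
            key = bytes.fromhex(hexkey.strip())
        except ValueError:
            malformed.append(line)
            continue
        if len(key) != KEY_LEN:
            malformed.append(line)
            continue
        records.append((number.strip(), key))
    return records, malformed


def find_anomalies(records):
    """Keys shared by more than one account, and accounts with a zero key."""
    by_key = defaultdict(list)
    for number, key in records:
        by_key[key].append(number)
    shared = {k.hex(): nums for k, nums in by_key.items() if len(nums) > 1}
    zero = [n for n, k in records if k == bytes(KEY_LEN)]
    return {"shared_keys": shared, "zero_key_numbers": zero}


def analyse(text=SAMPLE_LISTING):
    records, malformed = parse_listing(text)
    report = find_anomalies(records)
    report["malformed"] = malformed
    return report


if __name__ == "__main__":
    for k, v in analyse().items():
        print(k, v)
```

An all-zero X25519 public key is the identity point, so any Diffie-Hellman computed against it yields an all-zero shared secret (libsodium's `crypto_scalarmult` refuses such a result outright). An account advertising one therefore has no meaningful end-to-end confidentiality, which is consistent with the modified-client explanation the researchers offer.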
At the heart of the issue, the researchers argue, is the flawed assumption that phone numbers make suitable identity tokens for a platform used by billions. A phone number is drawn from a small, structured, publicly assigned space (E.164 numbers have at most 15 digits, and national numbering plans use far fewer), so it carries nowhere near the entropy a secret identifier needs, and at 100 million lookups per hour even a full national numbering plan can be walked in days. If WhatsApp insists on linking accounts to phone numbers for effortless discovery, they say, then no anti-scraping solution will ever feel airtight. WhatsApp is now testing usernames in beta, which could offer a more privacy-preserving alternative.
“Phone numbers were not designed to be used as secret identifiers for accounts, but that’s how they’re used in practice,” Judmayer says. “If you have a big service that’s used by more than a third of the world population, and this is the discovery mechanism, that’s a problem.”
{Matzav.com}
FINAL P’SAK: ‘Mechablim’ Must Vacate Ponevezh Yeshivah, Pay Millions
Sean Duffy: States Illegally Issued 194,000 Commercial Driver’s Licenses to Foreign Truckers
A sweeping federal review has uncovered a massive breakdown in how Commercial Driver’s Licenses are being granted nationwide. Transportation Secretary Sean Duffy said in a Fox Business interview that roughly 200,000 foreign nationals have been granted CDLs, and investigators believe that about 194,000 of those licenses may have been issued unlawfully under federal rules.
Duffy stressed that the issue goes beyond paperwork errors, noting that individuals are receiving CDLs despite failing to meet the English-language proficiency required by the Department of Transportation. “People can’t understand the English language, they can’t read signs, and they don’t know the rules of our road. That’s a problem,” Duffy said. “Americans aren’t safe.”
He warned that the problem has been compounded by the rise of “CDL mills,” operations that fast-track foreign applicants through the licensing process with minimal training. According to Duffy, these outfits are pushing through drivers who have barely any grasp of American road regulations.
“We also see that there are CDL mills … people aren’t being properly trained, they’re being pushed through and getting licenses and driving across the country,” Duffy said. He added that the economic fallout has been substantial as well. “It’s driving American truckers out of business. And American trucking companies, driving the wages down,” he continued. “That’s not why we’re taking this action, but that’s a real consequence of having all of those foreigners come in. What we’re going to see is those wages rise.”
The emerging details show just how widespread the problem has become. DOT officials recently disclosed that California’s Department of Motor Vehicles acknowledged improperly granting 17,000 CDLs to foreign truck drivers.
The safety concerns deepened further this week when ICE agents arrested an illegal alien in Kansas — an individual accused of terrorism ties in Uzbekistan — who had been issued a Pennsylvania CDL after being released into the country by the Biden administration.
{Matzav.com}
Comey Seeks Dismissal of ‘Vindictive’ Trump-Era Prosecution as Judge Signals Case in Peril
Supreme Court: “State Must Enforce Criminal Sanctions Against Chareidim Within 45 Days”
Watch: 7-Minute Iyun Shiur on Daf Yomi – Zevachim 66
Holocaust-Surviving Masterpiece Fetches $236 Million, But $12 Million Golden Toilet Steals the Show at Auction
Report: Amid U.S. Fury With Hamas, Witkoff’s Meeting With Senior Terrorist Canceled
“8 Residents Of One Building In Kiryat Arba Murdered In Terror Attacks”
Listen: The Daily “Bitachon 4 Life” Burst of Inspiration on Matzav.com: What Brings The Yeshua?
LISTEN:
https://matzav.com/wp-content/uploads/2025/11/Bitachon4Life-Shiur-1634-Chikuy-Part-34-Yeshua.mp3
For more info, email bitachon4life@gmail.com.
Listen: The Daily Tefila4Life Shiur On Matzav.com: How Do I Praise?
Massive Fire Destroys Over 170 Buildings in Saganoseki, Japan
Man Arrested, Weapons Seized After School Incident in Sacramento
Utqiagvik, Alaska Enters 65 Days of Polar Night
Trench Collapse in Yarmouth, MA Kills 1, Injures 2
Don’t Be Fooled: Fake Emails Claiming To Be From Israeli Police Are Targeting the Public
A wave of citizens have reported receiving alarming emails that appear to come from the Israel Police, but officials are warning that the messages are fraudulent and part of a cyber-scam attempt.
According to the National Cyber Directorate, numerous reports have come in about emails impersonating the police, often with subject lines such as “Suspicious activity detected on your account” and an attached file labeled as “official.” Police released images of the spoofed messages and emphasized that they are entirely fake.
Both the Israel Police and the National Cyber Directorate issued a joint warning on Tuesday, stressing that the emails are not authentic and urging the public to stay alert.
Authorities highlighted several key points:
– The police do not send emails with files for recipients to open.
– Opening the attached file may allow attackers to gain access to the victim’s computer and personal information.
Officials also outlined what the public should do when receiving such a message:
– Do not open any attachments or click on any links.
– Report the email to the National Cyber Directorate’s hotline at 119.
“If it looks too urgent or too important to be real, that’s probably exactly the point,” the Police Spokesperson’s Unit and the Cyber Directorate said in their advisory.
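The advisory's two red flags, an unexpected attachment and a sender that only looks official, encoded as checks a mail filter or helpdesk script can apply. This is an added example, not from the advisory or the Israel Police; the sample message, the official-domain allow-list (`police.example`) and the risky-extension list are constructed assumptions.

```python
"""Triage checks for a suspected police-impersonation email.

Added example, not from the advisory. The sample message, OFFICIAL_DOMAINS
and RISKY_EXTENSIONS are constructed assumptions for illustration.
"""
import email
import email.utils
from email import policy
from email.message import EmailMessage
import re

# Assumption: the genuine organisation sends only from this domain.
OFFICIAL_DOMAINS = {"police.example"}
# Extensions that execute code, carry macros, or hide payloads in archives.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso",
                    ".docm", ".xlsm", ".zip", ".rar", ".7z"}
URGENCY = re.compile(
    r"suspicious activity|immediately|within 24 hours|account.*(suspend|lock)",
    re.IGNORECASE)


def build_sample_message():
    """Constructed lure resembling the reported one (no real sender or file)."""
    msg = EmailMessage()
    msg["From"] = "Israel Police <notice@police-alerts.example.net>"
    msg["Reply-To"] = "case-desk@mail-relay.example.org"
    msg["To"] = "citizen@example.com"
    msg["Subject"] = "Suspicious activity detected on your account"
    msg.set_content("Open the attached official document immediately.")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="official.pdf.exe")
    return msg.as_bytes()


def sender_domain(header_value):
    """Domain part of an address header, lower-cased; '' if absent."""
    _, addr = email.utils.parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw):
    """Return a list of human-readable red flags for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []
    from_dom = sender_domain(msg["From"])
    if from_dom not in OFFICIAL_DOMAINS:
        flags.append(f"sender domain {from_dom!r} is not an official domain")
    reply_dom = sender_domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append(f"Reply-To domain {reply_dom!r} differs from From")
    if URGENCY.search(str(msg["Subject"] or "")):
        flags.append("urgency language in subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        lower = name.lower()
        if any(lower.endswith(ext) for ext in RISKY_EXTENSIONS):
            flags.append(f"risky attachment {name!r}")
        elif lower.count(".") > 1:
            flags.append(f"double extension in attachment {name!r}")
        else:
            flags.append(f"unexpected attachment {name!r} (police do not send files)")
    return flags


if __name__ == "__main__":
    for flag in triage(build_sample_message()):
        print("-", flag)
```

The display name "Israel Police" is what the recipient sees; the checks deliberately ignore it and look at the actual address domain, the Reply-To mismatch, and the attachment. Any attachment at all is flagged, since the advisory states the police do not send files to open, and the executable disguised with a `.pdf.` infix is flagged as risky outright.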
{Matzav.com}
Washington Man “Severely Ill” After Contracting Never-Before-Seen Bird Flu in First-Ever Human Case
Satmar Rebbe In Yerushalayim: “Anyone Who Joins The IDF Becomes A Complete Goy — And Anyone Who Supports The Law Will Bear Responsibility For Their Sin”
The Satmar Rebbe, Rav Aharon Teitelbaum, currently visiting Eretz Yisroel, intensified his ongoing battle against the draft law and against any deal being advanced in the Knesset. Speaking today to residents of Yerushalayim, the Rebbe delivered an impassioned address, warning that anyone who supports a compromise “hands over tens of thousands of Jewish souls to shmad with full intent.”
The address took place Tuesday afternoon during the Rebbe’s visit to the Kesav Sofer beis medrash in the Geulah neighborhood of Yerushalayim, where people welcomed him with singing and great emotion.
Inside the beis medrash—where Satmar Rebbes of earlier generations also spoke—the Rebbe addressed the crowd wrapped in a tallis, in accordance with local custom. His remarks focused on affirming the community’s steadfast position on religious matters and rejecting any concessions tied to the draft issue.
At the close of his speech, the Rebbe spoke directly about the draft legislation being shaped in the Knesset, issuing a harsh condemnation of all compromise proposals:
“The army is like ‘kol bo’eha lo yashuvun.’ One who enlists in the IDF emerges from there a complete goy, rachmana litzlan. This is a grave violation of religion. Anyone who supports any form of compromise is abandoning thousands of souls to shmad, and it is an injustice for which he will never be able to atone.”
The Rebbe also pushed back against those who advocate partial concessions in an effort to preserve as many bnei Torah as possible, arguing that the comparison to “ten li Yavneh vechachameha” is being twisted.
“Rav Yochanan ben Zakkai did not hand over the rest of the Jewish people to the Romans. He sought to save the sages of Yavneh without taking destructive action. But here—anyone who votes for such a law is actively delivering Jewish souls to shmad. He is raising a hand against the Torah of Moshe!”
He concluded with a fervent call for worldwide outcry: “We must cry out the cry of yahadus chareidis throughout Eretz Yisroel—and throughout the Diaspora as well! May the Ribbono shel Olam have mercy on His people and remove the rule of wickedness from the land. Then the decree will be nullified, and we will merit the arrival of the Goel Tzedek speedily in our days—Amen!”
As reported earlier, during the reception at the Badatz office of the Eida HaChareidis, the Rebbe said he had traveled from the United States specifically to stand with those “waging Hashem’s battles” against what he described as the terrible decree facing the Torah community in Eretz Yisroel.
{Matzav.com}
