New Delhi: The phone screen suddenly lights up at night. A ‘Hi’ message or a good job offer from an unknown number. We often ignore it, but a shocking research of November 2025 has revealed to the world the dangerous truth hidden behind this seemingly simple message.
What the research has revealed is enough to give any WhatsApp user sleepless nights. It is claimed that the entire member directory of WhatsApp remained unprotected online for a long time, which was also sold on the dark web. According to Austrian researchers, they could have accessed the numbers and profile data of 3.5 billion users without any restriction. That means this can be considered the biggest data leak ever.
Memories of the Cambridge Analytica data breach are fresh. And the surprising thing is that according to researchers, Meta was informed about this flaw in 2017 itself, but this loophole remained open for years. The report also indicates that cyber criminals may have been taking advantage of this data for a long time.
The news of data of more than 350 crore WhatsApp users being at risk spread like wildfire. But investigation revealed that this was not a normal ‘hack’. This is not a matter of server facing, but of your digital identity becoming public and the biggest villain in this is not a hacker, but a system flaw of WhatsApp.
Security researchers from Vienna University of Austria found that the Contact Discovery Flaw present in WhatsApp exposed users around the world. In simple language, through a script, researchers pinged millions of random mobile numbers on WhatsApp, and every time they got information like profile photo, account active, about, which proved that the number was real and in use.
That means someone sitting in a room could prepare a verified mobile number list of WhatsApp users around the world and sell it on the dark web.
WhatsApp chats are secure. End-to-End Encryption is still secure. But there is a danger that your mobile number will be converted into a verified digital ID. Cyber experts call it Data Enrichment. This means that once scammers know that a number is active, the value of that number increases in the black market.
There are more than 500 million WhatsApp users in India, hence Indian numbers become the first target in every global data scraping.
Due to which incidents like digital arrest scam, part-time job fraud, video calls with +92, +84, +62 have increased rapidly recently. Researchers say that the flaw has now been fixed, but the data has already been scraped.
Meta said that the vulnerability has been patched and that no evidence of any account or chat being hacked was found. This is definitely a relief but the danger is still not completely over. What should you do now? Your digital security is in your hands. 100% privacy is impossible in today’s digital world, but basic security doors can be closed.
Profile Photo → My Contacts
About → My Contacts
Last Seen & Online → My Contacts
Silence Unknown Callers → On
These small steps can stop scammers from reaching your digital doorstep.
