Meta denied claims of a WhatsApp data leak, saying the numbers came from a controlled research project, not a breach.
Researchers showcased a method to identify active WhatsApp numbers, highlighting a potential risk but confirming no leak occurred.
The claims sparked public concern, with experts urging users to stay cautious and protect their personal information.
WhatsApp became the centre of debate after the emergence of online claims that the phone numbers of 3.5 billion users were at risk. The debate grew strong when a post emerged on X that a big leak had occurred. Thereafter, Meta also issued a comprehensive clarification, stating the allegation to be misleading and mentioning that no leak or security flaw had occurred. According to Meta, the numbers mentioned in reports online were related to a controlled academic project conducted under the WhatsApp Bug Bounty programme and not concerning any breach of user data. The topic gained public attention because WhatsApp has become an integral part of daily communication in India, and whenever there is a suspicion relating to user data, it creates widespread concern.
SurveyMeta’s response to the alleged WhatsApp security issue
Meta took to the Internet to address the claims through its official Bug Bounty account by replying to a tweet that claimed a massive leak in WhatsApp phone numbers. In its reply, Meta said the claim was misleading and reiterated that no data leak or security flaw had occurred.
The company clarified that the phone numbers posted online were, in fact, the result of an academic research project in cooperation with WhatsApp under its Bug Bounty programme. Such a research project was intended to support the discovery and mitigation of possible gaps associated with novel enumeration or scraping techniques.
Also read: Realme GT 8 Pro with Snapdragon 8 Elite Gen 5 chip launched in India: Check price and specs here
Meta emphasised that no non-public data was available to the researchers and that, in any case, all data collected during the study had been securely deleted since the research had been completed. Furthermore, Meta said there was no evidence of adversarial abuse based on this approach.
While reassuring users, Meta mentioned that personal messages continue to remain protected by end-to-end encryption. The company also added that it values collaboration with security researchers; such partnerships, in general, help strengthen WhatsApp’s overall security and defences.
What the researchers claimed in their study
The researchers from the University of Vienna earlier explored a technique that could identify whether certain phone numbers were active on WhatsApp. They said this behaviour was possible because, through automated systems, one could check a large volume of numbers quickly. The team said this technique, if misused, could allow for large-scale collection of active numbers and had existed since 2017. Their experiment collected close to 30 million US numbers in roughly 30 minutes. After completing the study, the team deleted all the data and informed Meta.
The researchers presented their findings as a potential risk rather than proof of a confirmed leak. Their focus was mainly on demonstrating how large-scale number enumeration could be possible if not monitored or restricted.
Also read: IT Minister Ashwini Vaishnaw says social platforms must own every post as digital threats rise
Why the alleged exposure raised concerns
Although the claims of a leak remain unverified, the idea of collecting phone numbers at such a scale triggered a public debate. A phone number is a basic identity point for users; hence, it’s attractive for scammers and fraudsters. If the numbers become widely identifiable, users may face a higher chance of phishing attempts, impersonation scams, unwanted calls, and spam.
But in India, WhatsApp is used not just to message friends and family but also in business, to make payments, and to bring community groups together. That makes an alleged risk about numbers more fraught. Even with messages remaining secured through end-to-end encryption in WhatsApp, access to numbers alone can still create avenues for targeted misuse.
Also read: Meta’s chief AI scientist quits after 12 years, here’s why
What users can do to stay safe
While Meta has denied the leak, experts say that users should still be cautious. Users are advised not to share phone numbers publicly, always be wary of unknown links coming through WhatsApp, and adjust settings to make profile photos and information private.
The debate has also opened discussions about the need for transparency in huge digital platforms and how important it is to continue monitoring for security breaches, even when one has not been confirmed to have happened.
Follow Us
Bhaskar Sharma
Bhaskar is a senior copy editor at Digit India, where he simplifies complex tech topics across iOS, Android, macOS, Windows, and emerging consumer tech. His work has appeared in iGeeksBlog, GuidingTech, and other publications, and he previously served as an assistant editor at TechBloat and TechReloaded. A B.Tech graduate and full-time tech writer, he is known for clear, practical guides and explainers. View Full Profile
