Researchers scrape WhatsApp accounts using enumeration flaw.

University of Vienna researchers discovered a flaw that let them scrape data from 3.5 billion WhatsApp accounts by generating phone number combinations without being blocked. They collected timestamps, public keys, and in some cases profile pictures and “about” texts, enabling inferences about account age and linked devices. Meta rolled out mitigations in September and October 2025 after receiving full technical details, stressing that no private messages or contacts were exposed. The researchers securely deleted the data, and Meta said there is no evidence of malicious exploitation.

Read more:

https://www.securityweek.com/vulnerability-allowed-scraping-of-3-5-billion-whatsapp-accounts/