Hacker News
Enumerating Three Billion Accounts on WhatsApp [pdf] (github.com/sbaresearch)
2 points by fkarg 5 months ago | 1 comment


Abstract—WhatsApp, with 3.5 billion active accounts as of early 2025, is the world’s largest instant messaging platform. Given its massive user base, WhatsApp plays a critical role in global communication. To initiate conversations, users must first discover whether their contacts are registered on the platform. This is achieved by querying WhatsApp’s servers with mobile phone numbers extracted from the user’s address book (if they allowed access). This architecture inherently enables phone number enumeration, as the service must allow legitimate users to query contact availability. While rate limiting is a standard defense against abuse, we revisit the problem and show that WhatsApp remains highly vulnerable to enumeration at scale. In our study, we were able to probe over a hundred million phone numbers hourly



