A new WhatsApp security bug allow unknown users to access your private profile pictures due to a vulnerability in newly launched WhataApp web service. The security breach was found by a 17 year old security researcher Indrajeet Bhuyan who has identified the loophole in the web based WhatsApp version which was launched on January 21. According to a report first published on The Independent Bhuyan has identified that the new web adaptation of WhatsApp is not properly synced with the phone version which allows this bug to hack into users WhatsApp database.
Before finding this latest security breach in the messaging App Indarjeet Bhuyan had also discovered a way to Crash the App on Android by just sending a message. Bhuyan also posted a video on youtube demonstrating how the bug neatly lets a stranger have access to your profile picture even when you have set it for only viewable to only people in your contacts list.
That’s not all Bhuyan has also found another loophole that provide access to shared pictures that you have already deleted from your account. Usually the deleted WhatsApp picture appear as blurred images if you try to access them but it appears that they never get deleted from the web. However the safety of online deleted content is a long looming issue and many security experts have seen quoting from the long time that nothing vanishes from the web for forever.
Normally a hacker may need to pull out some strings to get into your private space but the new WhatsApp bug make the job fairly easy. As demonstrated in the above video by Bhuyan creaking up into anyone’s WhatsApp account seem so easy even an amateur hacker can establish it in a jiffy.
WhatsApp has not released any statement about the knowledge of the bug but we believe a fix should already be on its way. Given its reputation as the world’s biggest messaging App we don’t think WhatsApp would take any chances of losing its credibility among users.