University of Vain-a
Calling this “the largest data leak in history” is like a researcher finding a phone book and screaming BREACH. They didn’t hack anything, they just asked WhatsApp “who’s this then?” a few billion times and WhatsApp, behaving exactly as designed, replied “here you go” like an overworked receptionist.
The only scandal is that anyone is pretending this behaviour isn’t fundamental to the product. Rate limits don’t fix the underlying absurdity: if you can type a number, you can query the person attached to it. That’s not a vulnerability, that’s the feature you all signed up for.
And the breathless academic tone doesn’t help. “We confirmed 3.5 billion numbers.” Yes, congratulations, you discovered that WhatsApp is popular and that humans use profile photos. Next week: groundbreaking research reveals water still wet, sky maintains blue streaks.
The real punchline is Meta acting grateful, as if they hadn’t been running a global identity directory for a decade and only just noticed someone looked at it too enthusiastically.
And honestly, if this is what passes for “research” at a modern university, God help us all. Enumerating phone numbers with a library someone else wrote is now worthy of papers, press rounds and responsible disclosure rituals. At this rate, the next PhD breakthrough will be “we discovered you can ring people by pressing the digits in the correct order.”
Biting the hand that feeds IT
