WhatsApp's contact-discovery API had a flaw allowing researchers to scrape 3.5 billion accounts due to lack of rate limiting, enabling high-volume queries. This study highlighted vulnerabilities in API security across platforms. Researchers gathered extensive user data, including profiles, revealing large-scale abuse potential. WhatsApp subsequently implemented protections to prevent further exploitation.
WhatsApp API Flaw Let Researchers Scrape 3.5 Billion Accounts

