The messenger service is in the crossfire this week: While iPhone users can finally hope for a multi-account function, a security gap of worrying proportions that has already been closed is revealed. Researchers were able to query data from 3.5 billion users – a dimension that is causing excitement even at Meta. But first things first.
A team from the University of Vienna and SBA Research has discovered what no one thought possible: WhatsApp’s “Contact Discovery” function – the practical mechanism that automatically detects which contacts use the messenger – was shockingly easy to defeat. The researchers bombarded the WhatsApp servers with requests at a breathtaking pace: Over 100 million phone numbers per hour could be checked.
What does that mean specifically? The experts were able to practically recreate a global WhatsApp database. In addition to the pure telephone numbers, they also got their hands on public profile information – profile pictures, status texts and other metadata. Particularly explosive: From the data collected, conclusions could be drawn about the operating system used, the age of the accounts and the number of linked devices.
Advertisement
In keeping with the topic of privacy – if you are wondering how secure your WhatsApp data really is, our free Telegram report will help you make the switch quickly and in a privacy-friendly way. The compact PDF guide explains step by step how to set up Telegram, hide your number, use secret chats and set the most important privacy settings. Ideal for anyone who wants to avoid metadata and unwanted insights. Download the Telegram switching guide now for free
The good news: The end-to-end encryption of the actual messages remained untouched. No one could read what users were chatting about. But the sheer amount of metadata – who uses WhatsApp, how active someone is, what devices are used – is likely to cause sleepless nights for data protection officers.
Meta closes the gap and thanks you
At least the Viennese researchers acted responsibly. They informed Meta before making their findings public. The vulnerability has now been resolved through collaboration. Nitin Gupta, vice president of engineering at WhatsApp, praised the “responsible partnership” with the researchers.
Was the loophole abused? According to Meta, there is no evidence of exploitation by criminals or secret services before the closure. Nevertheless, the incident clearly shows how vulnerable even established platforms can be – and how valuable metadata is for potential attackers.
At the same time, WhatsApp reported another, less critical vulnerability (CVE-2025-55179) for iOS and macOS in November. This would theoretically have made it possible to retrieve media content from any URL. Here too: no signs of active exploitation.
Finally: Multi-account function for iPhone in the test
Aside from the security turmoil, there is good news for iPhone owners. WhatsApp is testing a long-awaited function in beta version 25.34.10.72 via TestFlight: Managing multiple accounts on one device. Until now, iPhone users had to switch to the separate WhatsApp Business app – cumbersome and not practical for everyone.
How does it all work? Users can add a second, completely separate account and seamlessly switch between both profiles. Each account retains its individual settings: its own chat history, backup configurations, notification sounds and privacy settings. When you receive incoming messages, the app shows which account they are intended for – eliminating any confusion.
The highlight: The change takes place directly via the settings, without restarting the app. Can this actually noticeably improve user-friendliness? Definitely – especially for anyone who wants to clearly separate professional and private communication.
Comfort versus security: the eternal balancing act
The parallel developments paint a typical picture of the tech industry. While new features increase user-friendliness, security gaps remain a constant threat. The multi-account function brings WhatsApp closer to other meta-services such as Instagram or Facebook, where this option has long been standard.
When will the feature come to everyone? An official date is still pending, but the public beta test suggests an imminent roll-out. The most important insight for users remains: Install updates as soon as they are available. Because even if the encryption of message content remains robust, metadata is worth its weight in gold to anyone who gets their hands on it.
Recent events are a reminder that with 3.5 billion users worldwide, every vulnerability takes on a global dimension. Trust is good – current software is better.
Advertisement
PS: Worried about metadata and unwanted insights? The free Telegram report shows in clear, practical steps how you can switch to a data-saving alternative to WhatsApp in just a few minutes. You will receive tips on secure settings, hidden functions and convenient setup on your smartphone, tablet and PC. Perfect for anyone who wants to improve privacy quickly and securely. Get your Telegram report now
