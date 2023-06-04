Illustration: Shoshana Gordon/Axios

An Axios reader has uncovered a persistent privacy flaw in encrypted messaging service WhatsApp that's proven difficult for the company to squash.

What's happening: Eric — who works in the tech industry but requested we withhold his last name — told Axios he discovered the flaw when his son moved to France for work, got a new SIM card and updated his WhatsApp account with a new phone number.

The big picture: Eric's discovery is part of a broader issue with telecom providers quickly reassigning phone numbers after they've been forfeited.

Between the lines: This was the first time Eric had reported a potential security vulnerability to a tech vendor as an individual — and he found the bug bounty process "decent" since it gives vendors ample time to patch the flaw if they want and still allows researchers to go public if they're ignored.

The other side: A WhatsApp spokesperson told Axios this problem happens in "extremely rare circumstances," and the issue stems from mobile operators quickly reassigning old phone numbers after they're forfeiting.

The intrigue: Eric is going public with his findings so he can raise awareness about the issue with other WhatsApp users.

Be smart: If you change your phone number, be sure to quickly update any apps tied to it — including WhatsApp, Signal or other messaging apps — to prevent a future, accidental takeover of your account.

