There is a way to show profile pictures to only contacts. It's a setting.

chatmasta · 2025-11-20T04:00:26 1763611226

Yes, and those people didn't get their profile pictures exposed through this phone number enumeration. If they had, then maybe it would have qualified as a security breach.

throwaway290 · 2025-11-20T09:40:26 1763631626

> Yes, and those people didn't get their profile pictures exposed through this phone number enumeration.

They did and this was not enumeration, did you read post?

chatmasta · 2025-11-20T11:44:36 1763639076

The post with the headline “Worldwide enumeration of accounts was possible?”

throwaway290 · 2025-11-20T11:56:47 1763639807

OK... but it's not phone number enumeration. You need to give it a phone number to check if whatsapp acc is registered for it. So you need to have a collection of phone numbers first. If you have a collection of all phone numebrs in the world then you could enumerate whatsapp accounts.

And yes the pictures were leaked in the process.

hashhar · 2025-11-20T13:32:33 1763645553

It's trivial to enumerate all the phone numbers in the world.

throwaway290 · 2025-11-20T14:37:15 1763649435

exactly. to claim enumerating phone numbers is a whatsapp bug is stupid. and to say profile pictures were not revealed = not reading tfa.

yorwba · 2025-11-20T17:57:42 1763661462

"The accessible data items used in the study are the same that are public for anyone who knows a user's phone number and consist of: phone number, public keys, timestamps, and, if set to public, about text and profile picture." Source: TFA, which I read.

throwaway290 · 2025-11-20T19:39:28 1763667568

From my understanding the accessible data items meant they got them through the bug? Maybe I read wrong