The recently announced introduction of usernames on WhatsApp is making security experts sit up and take notice. If users register the names of well-known people for the messaging service, this type of identity theft could be used to commit fraud. WhatsApp operator Meta Platforms weighs it down. The usernames of well-known personalities are already reserved for them and protected accordingly. This also applies to usernames on other meta platforms such as Facebook and Instagram.
Read more after the ad
However, this apparently does not include the usernames of other major online platforms, as Changpeng Zhao, founder of the well-known crypto exchange Binance, found out. His username ‘cz_binance’, registered on Twitter and now X, is no longer available and he himself was no longer able to reserve it, as he writes on X. Observers fear that fraudsters have already grabbed this username in order to use a name known in cryptocurrency circles.
Meta Platforms announced the feature just last week. WhatsApp usernames are intended to keep cell phone numbers private. Until now, when contacting someone on WhatsApp, the mobile phone number was always revealed first, as every WhatsApp account is linked to it. In the future, users should be able to decide for themselves who they want to show them to – for example when joining new group chats or getting to know new people. The cell phone number is only still required when creating a new WhatsApp account.
Official investigation possible in India
WhatsApp usernames are particularly viewed critically in India, a country that has the most WhatsApp users at over 500 million. According to TechCrunch, the Indian Ministry of Electronics and Information Technology has communicated concerns to WhatsApp. The feature could “significantly increase the frequency of online fraud, phishing, fake police extortion, and identity theft attacks” if criminals can contact users without revealing their phone numbers.
WhatsApp should therefore explain why no regulatory action should be taken under Indian IT laws if fraudsters can impersonate “authorities, financial institutions and government agencies”. The function should therefore not be introduced until this has been clarified. WhatsApp, on the other hand, points out in an FAQ published by X that user names of well-known people, even in a modified form, can only be claimed by them. However, it is still unclear which prominent user names and similar forms of them were proactively reserved and which were not.
Read more after the ad
Username as a link to other meta platforms
In addition, user names that are already used as user names on other meta platforms, such as Facebook and Instagram, are protected. Users can also use this on WhatsApp to prevent possible identity theft. This in turn raises data protection concerns. Because it shows how easily Meta Platforms can link the identities of the different apps with each other.
Although WhatsApp user names can already be reserved, the function will only be rolled out gradually over the course of this year. Meta promises in the aforementioned FAQ: “We are taking our time and listening to feedback so that we get it right when we launch it later this year.”
Read also
(fds)
