Meta Boosts WhatsApp Security Research with $4M in Bounties and New Proxy Tool

Simple WhatsApp Security Flaw Exposes 3.5 Billion Phone Numbers

Meta announced a new WhatsApp Research Proxy tool and $4 million in bug bounties paid out this year, addressing vulnerabilities affecting its 3.5 billion users. These efforts come after researchers discovered a flaw allowing enumeration of WhatsApp accounts at scale.

The ideal model of secure messaging assumes robust rate limiting and protection against data scraping; however, a recent study demonstrated a method to bypass these defenses, exposing user data. This type of vulnerability can lead to privacy breaches and potential abuse, with the scale of impact reaching billions of users and associated reputational damage.

Key Insights

• $4M bug bounty payout, 2025: Meta awarded $4 million to researchers for discovering and reporting vulnerabilities.
• Anti-scraping measures: Meta implemented protections to prevent large-scale data collection of WhatsApp accounts.
• CVE-2025-59489 (CVSS 8.4): A vulnerability in Unity applications on Quest devices allowed for arbitrary code execution.

Practical Applications

• Use Case: Meta leverages bug bounty programs to proactively identify and address security flaws in WhatsApp.
• Pitfall: Over-reliance on rate limiting without comprehensive anti-scraping measures can expose user data.

References:

• https://thehackernews.com/2025/11/meta-expands-whatsapp-security-research.html