India, WhatsApp’s biggest market with 400 million users, has asked the Facebook-owned company to explain the nature of a privacy breach on its messaging platform that has affected some users, Technology Minister Ravi Shankar Prasad said.
“We have asked WhatsApp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens,” Prasad said in a tweet on Thursday.
The surveillance revelations come after the messaging platform sued Israeli surveillance firm NSO Group on Tuesday, accusing it of helping government spies break into the phones of roughly 1,400 users across four continents including diplomats, political dissidents, journalists and government officials. NSO denied the allegations.
In its lawsuit filed in a federal court in San Francisco, WhatsApp accused NSO of facilitating government hacking sprees in 20 countries, calling it “an unmistakable pattern of abuse.”
The attack, according to WhatsApp, exploited its video calling system in order to send malware to the mobile devices of a number of users. The malware would allow NSO’s clients – said to be governments and intelligence organisations – to secretly spy on a phone’s owner, opening their digital lives up to scrutiny.
People familiar with WhatsApp’s investigation told Reuters that a significant number of Indian civil society figures were put under surveillance using the Israeli spyware.
The company has not identified anyone by name, users including Indian lawyers, academics, Dalit rights activists and journalists have come forward to say they received warnings from WhatsApp that they were the targets of espionage.
WhatsApp said Indian users were among those contacted by it this week.
WhatsApp declined to comment on Prasad’s tweet, but referred to a previous statement from the company which said it believes people have the fundamental right to privacy and no one else should have access to their private conversations.
Sidhant Sibal, a New Delhi-based journalist, told Reuters the University of Toronto’s Citizen Lab – which investigates digital espionage among other research projects – called him about a month ago, informing him that his WhatsApp account was one of several under surveillance.
He received a text message from WhatsApp this week saying it cared about “your privacy and security”.
“In May we stopped an attack where an advanced cyber actor exploited our video calling to install malware on user devices,” the company said, explaining why it was writing to Sibal and other affected users like him.
“There’s a possibility this phone number was impacted, and we want to make sure you know how to keep your mobile phone secure,” he said.
Citizen Lab in a post on its website dated Oct. 29 said it was helping WhatsApp investigate the incident and would continue to contact affected individuals to help protect their security.
Last year, the Indian government began pushing the Cupertino, California-based company to trace the origin of some messages, saying the platform was being used to spread misinformation.
WhatsApp has always maintained it will not take such steps, which would require it to weaken encryption and other privacy protections.
Globally, the platform is used by some 1.5 billion people monthly and has often touted a high level of security, including end-to-end encrypted messages that cannot be deciphered by WhatsApp or other third parties.