Spanish hacker exposes potential privacy flaws on popular messaging service WhatsApp

Valencian authorities issue hacker alert over mobile caller scam offering second booster dose

Image of a mobile phone. Credit: Christian Wiediger/ Unsplash

A SPANISH hacker and a teacher from Elche have revealed some potential privacy issues for users of the popular messaging service, WhatsApp.

Chema Alonso, a well-known Spanish hacker and member of the executive committee of Telefónica, has exposed some threats to people’s privacy while they use WhatsApp – the Meta messaging service that is hugely popular in Spain.

Alonso said that there is possibly an error that can expose “fundamental data of the people who use the app, such as their location or even the place where they are residing.”

The hacker, alongside a professor of Computer Science at the IES Severo Ochoa in Elche, appears to have discovered a bug linked to the Instagram ‘Stories’ feature and other external links.

Gaspar Cano, a teacher at the institute in Elche, warned that the error can be found in the links people share on WhatsApp.

Links that direct the user to platforms such as YouTube or other content pages can prove problematic when they take the user to a new place, as Instagram does.

Testing the potential personal security threat, Chema Alonso said: “To demonstrate this flaw, I myself created a malicious website with a few lines of code and a database log, which I linked in my status as a cheat.

“Soon, from my contacts who clicked, I knew if they were in Spain or not, what province they were in, if they used Wi-Fi, the IP of their mobile or the company with which they were connecting to the Internet.

“They had completely lost their privacy,” he said.

Cano said that one of the biggest problems is that the date and time (when they have been seen by the contacts) appear in the history of the app, which allows them to be perfectly identified in the external links.

The teacher from Elche added that he reported the potential privacy flaw to Meta – Mark Zuckerberg’s company which also owns Facebook – and that he had received a reply.

“They told me that the responsibility for clicking on a link rests with the users, so they didn’t see a performance issue with their app. The same was said at the beginning of cookies and now they have to be accepted on all websites,” he said.

Cano believes that the problem is easy to solve and offers two solutions: notify the people who use the application that they are going to be directed to an external place or eliminate the history that records the dates and times, as reported by

Thank you for taking the time to read this article, do remember to come back and check The Euro Weekly News website for all your up-to-date local and international news stories and remember, you can also follow us on Facebook and Instagram.

Written by

Matthew Roscoe

Originally from the UK, Matthew is based on the Costa Blanca and is a web reporter for The Euro Weekly News covering international and Spanish national news. Got a news story you want to share? Then get in touch at