NEW DELHI: A raft of businesses — banks, ecommerce, hospitality and transport majors — that use WhatsApp’s Business application programming interface (API) to communicate with customers have not heard from it on any potential impact on their enterprise accounts due to a vulnerability that could leave users exposed to a spyware.
Some such companies are Uber, Booking.com, Softbank backed Oyo, MakeMyTrip, BookMyShow and Urban Clap.
While a section of technology experts said it looks unlikely that the hacking has had any effect on enterprise, others said a lot still depends on individual companies’ security solutions.
“The details are sparse, but from what’s out there, it’s unlikely this hacking incident has any effect on enterprises. The hack involved embedding software on a user’s phone through a missed call. Enterprise accounts are hosted in the cloud, not on phone,” said Beerud Sheth, cofounder-CEO of messaging platform Gupshup, the first company that enabled enterprises in India to use WhatsApp API solutions.
Sivarama Krishnan, cyber security leader for India at PwC, said, “ If information of a customer of these corporate accounts has been compromised, that compromise could be exploited to breach corporate networks if the company does not have adequate security systems in place.”
An Oyo spokesperson said since the company utilises textual API for helping customers find their booking details easily over WhatsApp, it has not seen any disruption in its customer experience.
Industry officials from companies that use WhatsApp’s API solutions said most companies use the textual API for sending details like one way booking confirmations to its customers.
“We haven’t been affected as an enterprise. There has been no disruption. But we haven’t received any communication from WhatsApp on this matter. Typically, they have been very prompt if there has been a discrepancy in the past,” said another official.
A spokesperson for an online travel aggregator said the company has not received communication from WhatsApp so far. Abhiraj Singh Bhal, cofounder of Accel Partners-backed Urban Clap, which uses WhatsApp for sending booking details of services sought by clients, said he has not heard from WhatsApp either.
In a response to ET’s queries, WhatsApp said it is constantly working alongside industry partners to provide the latest security enhancements to help protect its users. The company also said, to provide additional information to the security community, WhatsApp filed a Common Vulnerabilities and Exposures (CVE) notice indicating that this exploit takes advantage of WhatsApp’s voice calling.
Source: Economic Times