WhatsApp has an ‘Invite to Group via Link’ feature that lets an admin invite other people to join a group chat by sending over an invite link. But it appears that Google is indexing those invite links, leaving private group chats exposed to anyone who stumbles upon the invite links with a random keyword search.

App reverse-engineer, Jane Manchun Wong, tweeted that Google has indexed around 470,000 WhatsApp group invite links. A simple keyword search by using the “chat.whatsapp.com” URL extension will reportedly let random people discover a WhatsApp group chat without ever being invited to join it.

We were able to independently verify that this frightening vulnerability is very real, and it let us join a random WhatsApp group by using an indexed link with relative ease. Regarding the grave privacy issue, here’s what a WhatsApp spokesperson was quoted as saying:

Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.

It appears that the only way to keep group chats private is by invalidating the older invite link. Group admins should generate a new invite link to their WhatsApp group, because doing so will automatically invalidate the older one that has been indexed by Google. But as per multimedia journalist Jordan Wildon, there is no way to fully disable a group invite link that is now in public domain.

I’ve been writing about consumer technology for over three years now, having worked with names such as NDTV and Beebom in the past. Aside from covering the latest news, I’ve reviewed my fair share of devices ranging from smartphones and laptops to smart home devices. I also have interviewed tech execs and appeared as a host in YouTube videos talking about the latest and greatest gadgets out there.