this post was submitted on 18 Nov 2025
45 points (100.0% liked)

Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.


By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found “the most extensive exposure of phone numbers” ever—along with profile photos and more.

top 5 comments
[–] Ludicrous0251@piefed.zip 6 points 2 days ago (1 children)

I'm guessing the next biggest example of this exact same flaw was when this happened on Facebook like 8 years ago. Who could possibly have seen this coming?

[–] phoenixz@lemmy.ca 3 points 2 days ago

Anyone with an ounce of security knowledge and understanding

[–] Ludicrous0251@piefed.zip 5 points 2 days ago

When WIRED asked Meta what rate-limiting measures it instituted over the last eight years to prevent the technique Kloeze demonstrated, the company responded that it has, in fact, implemented evolving defenses against scrapers, including rate-limiting and machine-learning techniques to ban scrapers. Yet the University of Vienna researchers were able to not only replicate Kloeze's work, but take it further, actually enumerating all 3.5 billion registered WhatsApp phone numbers—far more than the service had in 2017.

A generous rate limit of 1 query per second would have taken 111 years to churn through 3.5 billion users (with 100% success rate on guesses). Meta's rate limit seems to be "the rate at which our servers can query our contact database".

[–] recentSlinky@lemmy.ca 4 points 2 days ago

The answer is obviously less regulations and more tax cuts for the CEOs of these companies, right?

[–] floofloof@lemmy.ca 4 points 2 days ago