🟡 Medium | Source: The Register — Security
India’s government has given WhatsApp three days to justify its rollout of usernames, raising concerns that the feature could enable impersonation attacks on its largest user base. Authorities want Meta to explain what safeguards are in place before the feature proceeds. The move reflects growing regulatory scrutiny of consumer messaging platforms and their security controls at scale.
Security Architect’s Take: If your organisation uses WhatsApp for business communications or customer engagement, review whether the username feature introduces impersonation risks in your threat model and consider whether additional verification steps are needed before employees or customers rely on usernames to confirm identity.
Original advisory: India gives WhatsApp three days to defend username rollout amid security fears