Meta says WhatsApp usernames are safe from scams after India raises cybersecurity alarm

Tourists are seen in front of the iconic Gateway of India as a digital exhibition of messaging app WhatsApp is on display, in Mumbai on August 25, 2023.
Indranil Mukherjee AFP | Getty Images
US social media giant Meta Platforms has defended the release of usernames on its messaging service, after the Indian government on Wednesday said the move could lead to an increase in cybercrime.
“Users still need a phone number to use WhatsApp, and we’ve built multiple layers of protection against scams into usernames,” a Meta spokesperson told CNBC via email.
The technology company said it will limit the number of new people an account can connect to, prevent repeated attempts to guess usernames, and enable systems to detect and remove activity that shows common patterns related to impersonation or abuse.
It added that the username feature is not live and will be rolled out “gradually this year.” On Monday, WhatsApp introduced usernames, which it says is a “big privacy feature” designed to help people stay connected without giving out phone numbers.
According to a report by Indian news agency ANI, the Indian government said the user feature “may significantly increase incidents of online fraud, phishing, digital arrest scams and phishing attacks, by enabling bad actors to solicit and send messages to victims.”
It gave WhatsApp three days to provide a detailed explanation about the feature or face action under the country’s information technology laws. The company has been ordered to temporarily suspend the release of this feature until the government’s concerns are resolved.
Security over privacy
While user privacy plays a role in policymaking, “the dramatic increase in cyber-enabled financial crime has undoubtedly shifted the focus of security,” Reema Bhattacharya, head of Asia research at Verisk Maplecroft, told CNBC.
Meta’s Adversarial Threat Report in March found that online fraud organizations were targeting users in India more often than any country outside the U.S. According to the Indian government, incidents of cybercrime will more than double in 2024 to nearly 2.3 million cases from 1 million in 2022.
India has more than half a billion WhatsApp users, and this scale makes it prone to government scrutiny, experts say.
WhatApp’s access, coupled with the user interface, means “misinformation can spread even faster,” and fraudsters can use common words and images to impersonate themselves, said Neil Shah, vice president of research at Counterpoint Research.
Some of these concerns are addressed by Meta. The company told CNBC that it will reserve high-profile names, which can only be claimed by their legitimate owners, and withhold derivatives from well-known names to protect against imitation.
Governments increasingly expect digital platforms to share responsibility for harm reduction, Bhattacharya said, but added that it is difficult to “draw a line between formal rules and measures that might discourage innovation or undermine users’ privacy.”
The government’s oversight of WhatsApp’s username feature comes weeks after India temporarily blocked Telegram to prevent exam cheating during the country’s crucial exams.
The government said the platform hosts many channels that make false claims of leaking examination papers and demand money from candidates and their families to access them. The Telegraph responded that the measure penalizes “the 150 million ordinary users” in India, not those who leaked the test materials.



