About 29,000 to 3,00,000 phone numbers linked to WhatsApp accounts of users’ in many countries, including India, the United States and the United Kingdom are indexed publicly on Google Search posing risks to users’ privacy, claimed a researcher.

The ‘Click to Chat’ feature of the Facebook-owned instant messaging app allows Google Search to index them for anyone to find, wrote Athul Jayaram, an independent cybersecurity and bug bounty researcher, in a white paper on June 7.

The ‘Click to Chat’ option offers an easy way to start a WhatsApp chat to websites with their visitors. A third-party service creates a Quick Response (QR) code image for a site owner’s WhatsApp mobile phone number.

The visitor can scan the site’s QR code or click on a URL to start the chat session, without dialling or saving the number itself, Jayaram explained.

With mobile numbers currently being linked to Bitcoin wallets, Aadhaar, bank accounts, UPI, credit cards, the impact can be huge as attackers can swap SIM cards as well as perform cloning attacks, he warned.

A similar feature on Facebook, which aided in search of users with their phone numbers, was removed a year ago due to privacy risk and impact leaking phone numbers.

Suggestions have been offered by security researchers that could help keep WhatsApp phone numbers safely out of Google’s search results, but none of these changes have been implemented—and it’s possible they never will be.

If you want to keep your WhatsApp phone number off of Google’s Search Index:

Do not use ‘Click to Chat’ for now.

Delete any ‘Click to Chat’ links from publicly accessible websites, if you were already using Click to Chat.

You can start using a service like Google Voice with WhatsApp if you want to continue using Click to Chat without compromising your personal phone number.