Tech

WhatsApp usernames launch to applause, but abuse is already rampant

Meta's privacy win turns into a impersonation nightmare

Nina Johansson|
WhatsApp usernames launch to applause, but abuse is already rampant
Photo by Pixabay on Pexels

Within hours of WhatsApp finally rolling out usernames, the scams started. A flood of fake accounts bearing the handles of executives, journalists, and celebrities. A new privacy feature turned into a new playground for impersonators.

Meta promised usernames would let people message without sharing phone numbers. A genuine privacy upgrade. But what they didn't say was how easy it would be to snatch a username that looks like someone else's identity. Now critics are asking: Did Meta rush this out without basic safeguards?

One Click to Impersonate

Creating a fake account on WhatsApp used to require a SIM card. Not anymore. With usernames, anyone can pick a handle — @elonmusk_offical, @jsmith_reporter, @yourCEO — and start messaging people who think they're talking to the real person.

"WhatsApp has essentially handed scammers a loaded weapon and asked them to be careful."

Security researcher Jake Williams tested the system within an hour of launch. He registered @markzuckerberg_meta. It was accepted instantly. No verification. No check against known identities. "I could have messaged anyone in my network pretending to be Mark," he said. "And WhatsApp would have done nothing to stop me."

Meta's Weak Defense

Meta insists it has abuse detection systems. "We take impersonation seriously and have measures in place," a spokesperson said. But those measures apparently don't include checking if a username is visually identical to a known public figure's name. The company suggests users report fake accounts. That's like asking shoplifters to turn themselves in.

The impersonation problem is compounded by WhatsApp's end-to-end encryption. While encryption protects privacy, it also makes it nearly impossible to trace who's behind a fake handle once a scam is reported. Police can't see messages. WhatsApp can't monitor conversations. The scammers operate in a perfect dark room.

Real Consequences Already

Within 24 hours, reports emerged of a fake @elonmusk account soliciting Bitcoin payments. Several people fell for it. A journalist covering the tech industry found someone using their name to request interviews with sources. "It's chaos," the journalist said. "My reputation is now a target."

For celebrities and executives, the risk is obvious. But the problem is broader. Anyone with a public profile — teachers, doctors, local politicians — could wake up to a fake account spreading misinformation under their name. And WhatsApp's reporting process is notoriously slow. By the time a fake is removed, the damage is done.

What Meta Could Have Done

This wasn't unpredictable. Twitter, now X, battled impersonation for years before implementing verification badges and stricter name policies. Instagram has similar issues. WhatsApp had a playbook. They chose not to use it.

Simple fixes exist: require a verified phone number for usernames associated with known public figures. Use AI to flag names that match high-profile accounts. Limit how many times a username can be changed. But none of these were implemented.

"Meta bet that privacy would outweigh security," says tech analyst Nina Patel. "They lost that bet in the first 24 hours."

The company could also adopt a system similar to Signal's optional PIN verification, which adds a layer of identity confirmation without breaking encryption. But that would mean admitting their current safeguards are insufficient.

The Next Phase

WhatsApp usernames aren't going away. They're too useful for privacy-conscious users. But if Meta doesn't act quickly, the feature will become synonymous with scams. The company says it's "monitoring" the situation. That's not enough.

The real test will come in the next few weeks. If Meta introduces verification badges for prominent accounts, the feature might survive. If they don't, expect a wave of lawsuits from celebrities whose names are used to defraud others. And expect users to start abandoning WhatsApp for less risky alternatives.

For now, if you get a message from a familiar name on WhatsApp, don't trust it. It might just be someone who pressed the right buttons. Exactly the world we didn't want to live in.

Advertisement
#WhatsApp#impersonation#Meta#privacy#scams
分享到:XfWB