The privacy breach came to light when Barry Smethurst, seeking TransPennine Express customer service info via WhatsApp’s AI assistant, was instead given a private mobile number belonging to an unrelated woman in Oxfordshire. This number was never meant to be shared publicly. When Barry called, he reached a stranger who had no connection to the train service, causing embarrassment and alarm.
This incident was not isolated. The AI assistant also provided another private number of a different individual in a subsequent interaction. These errors highlight serious flaws in how the AI accesses and distributes sensitive data, even affecting people not using WhatsApp.
What Previous Privacy Issues Has WhatsApp Faced?
WhatsApp has endured multiple major privacy breaches recently. In early 2025, a sophisticated zero-click spyware attack targeted high-risk users like journalists and activists across 20 countries. This attack allowed spyware deployment without user interaction, compromising devices silently.
In late 2024, a massive data breach exposed information about nearly 487 million users worldwide, with the data reportedly sold on hacking forums. Additionally, WhatsApp’s data-sharing practices with Meta have drawn regulatory fines, including a $25.4 million penalty from India’s Competition Watchdog for sharing user data for advertising.
Did you know?
In February 2025, WhatsApp was targeted by a zero-click spyware attack that compromised devices without any user interaction, highlighting the platform’s ongoing security challenges.
Why Does This Breach Matter for AI and Privacy?
The AI assistant’s mistake reveals how AI systems can inadvertently access and share non-public personal data without consent. Despite WhatsApp’s end-to-end encryption protecting message content, AI features that process decrypted data introduce new vulnerabilities.
Meta’s AI assistant scans conversations to offer context-based suggestions, but in this case, it improperly redistributed phone numbers within group chats, exposing them to unintended recipients. This breach undermines user trust and raises questions about the safeguards around AI integration in encrypted platforms.
How Has Meta Responded to the Incident?
Meta’s responses to inquiries about the breach have been evasive, offering contradictory explanations ranging from “pattern-generated numbers” to accidental data pulls. This deflection has fueled criticism and skepticism about the company’s transparency and accountability.
The lack of a direct acknowledgment of the error and the repetitive evasiveness damage user confidence in Meta’s ability to manage AI privacy risks effectively.
ALSO READ | Can Passkeys Truly Eliminate Password Vulnerabilities for Facebook Users?
What Are the Broader Implications for AI Safety and Regulation?
This incident points out the importance of stronger privacy protections and oversight in AI systems embedded in widely used apps. Research shows that many AI chatbots are vulnerable to jailbreaking and can provide harmful or prohibited content despite safeguards.
Transparency, accountability, and robust privacy-first design must become priorities to prevent AI from becoming a vector for data breaches and privacy violations, especially in platforms handling sensitive communications.
What Can Users Do to Protect Their Privacy?
Users concerned about AI privacy risks should consider disabling AI assistant features where possible and remain vigilant about app updates and privacy settings. Treat AI helpers as opt-in tools rather than mandatory features.
Maintaining awareness of how AI processes data and advocating for clearer user controls and transparency from companies like Meta is essential to safeguarding personal information in the evolving digital landscape.
Comments (0)
Please sign in to leave a comment
No comments yet. Be the first to share your thoughts!