 | The examples and perspective in this articledeal primarily with India and do not represent aworldwide view of the subject. You mayimprove this article, discuss the issue on thetalk page, orcreate a new article, as appropriate.(November 2019) (Learn how and when to remove this message) |
| This article is part of a series about |
| Meta Platforms |
|---|
 |
| Products and services |
| People |
Executives and board members |
Notable employees |
Related organizations |
| Business |
|
Related |
 | This article name “WhatsApp snooping scandal”'sfactual accuracy isdisputed. Relevant discussion may be found onTalk:WhatsApp snooping scandal. Please help to ensure that disputed statements arereliably sourced.(December 2024) (Learn how and when to remove this message) |
On October 30, 2019,WhatsApp's parent companyFacebook, Inc. confirmed thatPegasus, a sophisticated snooping software developed by Israel'sNSO Group, was used to target Indian journalists, activists, lawyers and senior government officials. The journalists and activists are believed to have been targets of surveillance for a two-week period until May, when theIndian national election was held.[1][2]
The snooping scandal came out after WhatsApp filed a case in California's Northern District federal court against the NSO group, alleging the NSO group had developed the software used to infect 1,400 target devices with malware.[3]
The IT Ministry of India sought a detailed response from WhatsApp on the issue.[4] They responded that they had alerted the government on two occasions—once in May and for the second time in September 2019.[5][6][7] In response to Indian Government's order, WhatsApp informed the Computer Emergency Response Team of India in May and September that Pegasus spyware affected Indian WhatsApp users.[8]
Indian National Congress party alleged that theNarendra Modi-led government has been caught snooping on journalists, activists, lawyers and senior government officials.[9] They later alleged that their leaders, including general secretaryPriyanka Gandhi, are also being targeted by this. They also claimed WhatsApp sent messages to different people whose phones were hacked. One such message was also received from the WhatsApp of Priyanka Gandhi a few months ago.[10]
Former Chief Financial officer ofInfosys Mr. T.V. Mohandas Pai also demanded government to probe on the scandal and to come out with a report before the public.[11]
The WhatsApp incident was part of a larger pattern ofPegasus spyware abuse. Investigations by thePegasus Project (2021) revealed that governments worldwide used the malware to target journalists, activists, and politicians, including associates of murdered Saudi journalistJamal Khashoggi and staff of French PresidentEmmanuel Macron.[12]
The attack exploitedCVE-2019-3568, azero-click exploit vulnerability in WhatsApp'sVoIP stack. The exploit allowed installation of Pegasus spyware without any user interaction.[13] WhatsApp patched the vulnerability through server-side fixes and client updates in May 2019.
Beyond lawsuits in the U.S. and India, the scandal prompted regulatory scrutiny in theEuropean Union, where lawmakers questioned NSO Group's compliance withGDPR requirements.[14] The Israeli government subsequently tightened oversight ofcyberweapon exports.
NSO Group maintained that Pegasus was licensed exclusively to governments forcounterterrorism purposes. The company stated it had no visibility into how clients used the software, though this claim was disputed by researchers.[15]
Following the disclosure, many users migrated to alternative messaging platforms likeSignal andTelegram.[16] WhatsApp responded by enhancing its security communications and emphasizing its commitment toend-to-end encryption.