Skip to content
Tech News
← Back to articles

WhatsApp usernames are already raising impersonation red flags

read original more articles
Why This Matters

The rollout of WhatsApp's username feature signifies a major shift in user identification, moving away from phone numbers to handles, which could enhance privacy but also introduces new risks of impersonation. This development is particularly significant for the tech industry and consumers in India, where regulatory scrutiny is intensifying due to concerns over cyber fraud and misuse. The move highlights the ongoing challenge of balancing innovative features with security and trust in digital communication platforms.

Key Takeaways

WhatsApp this week started rolling out username reservations ahead of the broader launch planned later this year. The feature — which lets people find and message each other by handle instead of phone number — is already raising impersonation concerns, drawing scrutiny from security experts and regulators in India, the app’s largest market, with more than 500 million users.

The rollout marks a shift in how people identify one another on WhatsApp. Instead of relying on phone numbers as the primary identifier, users will increasingly interact through platform-managed usernames, a change that Meta says improves privacy but that critics argue could create new opportunities for impersonation.

In early testing, TechCrunch found usernames resembling prominent politicians, celebrities, business figures, and public institutions — including “indiamodi”, “shahrukh.actor”, “teamamitabh”, “ambanijio”, and “rbi_verify” — were still available to reserve. These reference Indian Prime Minister Narendra Modi, Bollywood actors Shah Rukh Khan and Amitabh Bachchan, billionaire Mukesh Ambani’s telecom company Jio, and the Reserve Bank of India, respectively. Separately, Binance founder Changpeng Zhao said on X that he couldn’t reserve “cz_binance,” the handle he already uses on that platform.

Asked about how it protects against impersonation, Meta told TechCrunch it reserves usernames for public figures, government entities, and “some variations” of those names so only the legitimate owner can claim them. The company did not explain, however, how it decides which lookalike usernames get proactively reserved and which don’t.

The concerns have already reached regulators in India, where cyber fraud schemes frequently exploit messaging platforms to impersonate police, banks, and government officials.

In a notice sent to WhatsApp on Wednesday and reviewed by TechCrunch, the Ministry of Electronics and Information Technology (MeitY) said the feature could “materially increase the incidence of online fraud, phishing, digital arrest scams and impersonation attacks” by enabling bad actors to contact users without exposing their phone numbers.

The ministry also warned that usernames could facilitate impersonation of “individuals, public authorities, financial institutions, and government agencies” by allowing usernames closely resembling those of genuine people or organizations. It directed WhatsApp to explain why regulatory action should not be initiated under India’s IT laws and asked the company not to roll out the feature until consultations were completed.

A senior government official separately told TechCrunch that the Indian IT ministry is cognizant of the issue and is engaging with WhatsApp over the feature.

That intervention has drawn its own pushback from New Delhi-based digital rights group Internet Freedom Foundation (IFF), which said the notice lacked a clear legal basis and risked giving the executive broad powers to dictate product design. (It’s a dilemma that operators building in regulated markets know well: rules made case-by-case, by letter, are harder to plan around than rules made in the open.)

“Impersonation and fraud are real risks, but they are met by enforcing the criminal law against those who commit them,” the group said in a statement. “They are not met by MeitY deciding, in private and by letter, what features Indians may use.”

... continue reading