WhatsApp’s raft of businesses ranging from banks, ecommerce, hospitality and transport majors that use WhatsApp’s business API to communicate with customers haven’t heard from the messaging giant on any potential impact on their enterprise accounts ever since the company disclosed a malware vulnerability that could leave its billions of global users exposed to a spyware that hacks into users’ phones.
Companies that use WhatsApp for communicating and sharing information with customers include Uber, Booking.com, Softbank-backed Oyo, MakeMyTrip, BookMyShow and Urban Clap.
While some technology experts said it looks unlikely that the hacking incident has had any effect on the enterprise side, others said a lot still depends on individual companies and their existing security solutions.
“The details are sparse, but from what’s out there, it’s unlikely this hacking incident has any effect on enterprises. The hack involved embedding software on a user’s phone through a missed call. Enterprise accounts are hosted on the cloud, not on the phone,” said Beerud Sheth, CEO of messaging platform Gupshup, the first company that enabled enterprises in India to use the WhatsApp API solutions.
Last year, Gupshup announced it had enabled WhatsApp for Business for brands like Kotak Mahindra Bank and IndusInd Bank. IndusInd used it to allow customers to track their account balances, mini statements and reward points while Kotak Mahindra used it to send its digital account’s welcome kit videos to customers who opted to receive bank messages on WhatsApp.
Sivarama Krishnan, cyber security leader for India at PwC, said an organisation with good security systems in place should not have been impacted. “Enterprise accounts are hosted on the cloud and have message gateways that can push and pull a message. They are not installed as applications for corporate networks. But if the information of an individual customer of these corporate accounts has been compromised, that compromise could be exploited to breach corporate networks if the company does not have adequate security systems in place.”
An Oyo spokesperson said since the company utilises textual API for helping customers find their booking details easily over WhatsApp, it has not seen any disruption in its customer experience.
Industry officials from companies that use WhatsApp’s API solutions said most companies use the textual API for sending details like one-way booking confirmations to its customers.
“If publicly available details are any indication, the malware attack has only affected the Voice over Internet Protocol (VoIP) side. A lot of enterprises that are currently using WhatsApp for enterprise solutions are only using the textual API. So it doesn’t appear that most companies using a textual API for one-way booking confirmation have been impacted,” said an official working for a company that uses WhatsApp’s business API.
“We haven’t been affected as an enterprise. There has been no disruption. But we haven’t received any communication from WhatsApp on this matter. Typically, they have been very prompt if there has been any discrepancy in the past,” said another official.
