In a significant data breach incident, researchers managed to scrape 3.5 billion WhatsApp phone numbers by exploiting weaknesses in the platform's contact-discovery system. This incident highlighted a gap within the functionality of WhatsApp's GetDeviceList API, which lacked essential security measures such as proper rate limiting. This API is utilized by the application to confirm the existence of an account linked to a phone number and to check the devices associated with it. The absence of meaningful rate limiting allowed researchers to gather an enormous volume of data, raising serious concerns about user privacy and security. The scraping was not limited to just confirming account existence; it also included active and previously leaked numbers, revealing that 58% of numbers exposed in a prior Facebook data breach were still active on WhatsApp years later. This demonstrates the potential for threat actors to exploit similar vulnerabilities if they were to discover such loopholes before researchers. The incident not only sheds light on the vulnerability of WhatsApp to mass data collection but also poses bigger questions about the adequacy of digital privacy protections currently available against unauthorized data gathering practices. Following the breach, researchers and security experts urged users to adopt better security practices to safeguard their information. They recommended that users limit the personal information shared in their WhatsApp profiles and tighten their privacy settings. Furthermore, they emphasized the importance of two-step verification and unique passwords to help protect against unauthorized access and identity theft. These safety measures are crucial in preventing attacks that could exploit the user's phone number, particularly if linked with other personal information. In response to these findings, WhatsApp has acknowledged the significance of enhancing security measures to protect user data more effectively. Additional protocols and tools to verify account security have been implemented, such as an option to report suspicious accounts and also the banning of millions of scam accounts. However, the overall incident underscores the broader issue of cybersecurity, where even widely used applications are susceptible to major breaches due to single points of failure in their designs. Continuous vigilance and proactive measures are required to ensure users' personal information remains secure in an increasingly connected digital landscape.