WhatsApp started introducing username reservation features ahead of the official release of its new usernames feature by the end of this year.
The significant update is particularly designed to allow users to connect with others without sharing their contact numbers, ensuring enhanced privacy.
Following the announcement, some users expressed excitement for the feature, while some raised concerns about impersonation, fraud, and phishing, particularly in India, WhatsApp's largest market with over 500 million users.
Security experts and government officials warn that while usernames improve privacy, they could also simplify it for scammers to pretend to be trusted individuals, businesses, or government agencies.
A major change to how WhatsApp works
Currently, the Meta-owned WhatsApp has been depending on contact numbers as the primary way to detect users. With the latest feature, people will be able to browse for messages to others using a unique username.
As per Meta, the significant update will assist users in protecting their contact numbers, particularly when communicating with new contacts, joining community groups and interacting with businesses.
Users can already reserve a username before the feature becomes widely available later this year.
Experts spot potential impersonation risks
Following the launch, security scientists discovered that multiple usernames resembling recognised figures and organisations were still accessible for reservation.
Examples included usernames similar to those of Indian Prime Minister Narendra Modi, Bollywood stars Shah Rukh Khan and Amitabh Bachchan, billionaire Mukesh Ambani's Jio, and even the Reserve Bank of India.
The accessibility of such usernames has raised concerns that scammers could generate fake accounts pretending to represent celebrities, banks, or government departments to deceive users.
Even Binance founder Changpeng Zhao (CZ) said he was unable to reserve the username he already uses on another platform, highlighting concerns about username ownership.
Meta Says It Has Safeguards
While responding to the concerns, Meta stated it automatically reserves usernames for recognised figures, government organisations, and specific entities to prevent impersonation.
However, WhatsApp has not explained exactly how it decides which usernames are protected or how it handles similar-looking usernames that could still confuse users.
India Raises Regulatory Concerns
The issue has gained significant traction by India's Ministry of Electronics and Information Technology (MeitY).
Several reports suggested the ministry has sent a notice to WhatsApp warning that usernames could raise online fraud, phishing attacks, and impersonation scams by enabling bad actors to contact people without revealing their phone numbers.
Moreover, officials expressed concerns that fraudsters could generate usernames closely resembling government agencies.
The ministry has further asked WhatsApp to explain its safety measures and reportedly requested that the feature not be fully launched until consultations are completed.
Privacy benefits still matter
Despite the concerns, cybersecurity experts say usernames also offer important privacy advantages.
Rachel Tobac, CEO of cybersecurity firm SocialProof Security, believes usernames reduce the need to share personal phone numbers, lowering the risk of SIM-swapping attacks, phishing, and account takeovers.
She recommends that users choose a username that is unique and difficult to guess to reduce the chances of receiving spam or unwanted messages.
WhatsApp has also suggested that most people create a unique username rather than using one that is easy for strangers to find.