WhatsApp to introduce usernames? Here's what you need to know

Soon, you may no longer need to give out your phone number to chat on WhatsApp.
WhatsApp is working on a long-anticipated feature: usernames — allowing people to connect with others without sharing their actual phone numbers. This brings WhatsApp closer to platforms like Telegram and Signal, which have long offered similar privacy-centric options.
According to findings from WABetaInfo (via Tecnoblog), traces of the feature were recently discovered in the TestFlight beta version for iOS. While it's not yet live for testers, WhatsApp appears to be building the system's framework and interface in the background.
The introduction of usernames could mark a significant privacy milestone for WhatsApp, giving users greater control over who sees their personal information. Instead of displaying a phone number by default, the app will soon allow people to identify one another via unique handles.
How will it work?
Initial details reveal that users will be able to create a unique username consisting of lowercase letters, numbers, periods, and underscores. There are a few key rules:
Usernames must contain at least one letter, to prevent all-number or symbol-based handles.
Usernames can't start with " www." to avoid confusion with websites.
A confetti animation will confirm a successful username creation.
Once live, your username will appear in chats and groups in place of your phone number — especially when people don't already have your number saved. This could be particularly useful for engaging in public groups or interacting with businesses and communities.
WhatsApp plans to treat username updates the same way it handles profile photo or number changes — by notifying others in a system message within chats. This ensures transparency and helps contacts keep up with changes.
Another neat addition: the web version of WhatsApp will eventually include a tool to check username availability before you commit to one.
When will it launch?
As of now, there's no official release date. But the fact that development strings are already showing up in recent beta builds is a strong indicator that the feature could be coming soon — part of a string of recent updates including the long-awaited release of WhatsApp's iPad app.
With usernames, WhatsApp is taking a clear step toward more private and flexible communication, while catching up with its competitors in the modern messaging space.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Crypto Insight

an hour ago

• Crypto Insight

The anatomy of a crypto scam: How to stop and prevent common threats

In the vast world of crypto, the line between opportunity and deception is razor-thin. The traits that make digital assets attractive — anonymity, independence and rapid transferability — also create fertile ground for fraudsters. Scams are woven into the fabric of the crypto ecosystem, exploiting trust, greed and fear. Unlike traditional financial systems with regulators, the decentralized crypto space allows opportunistic actors to thrive. Understanding the structure of these scams is crucial. Just as forensic investigators dissect crime scenes, analyzing the architecture of crypto scams reveals the calculated maneuvers used to siphon funds. Each scam follows a familiar blueprint — preying on human psychology and the lack of regulation in decentralized finance (DeFi). Breaking down these frameworks provides valuable insights, helping investors and institutions recognize warning signs and fortify defenses in this high-risk environment. The hook — perfect bait for every target The first stage of any scam begins with the hook: a carefully crafted message or offer designed to capture the victim's attention and trigger an emotional response. Before setting the hook, scammers often invest significant time gathering information about their targets. They sift through leaked emails, phone numbers and other personal information to build a profile, crafting a personalized scam to increase the likelihood of success. By incorporating specific details — such as the target's language or personal information — the fraudsters add a layer of credibility that creates trust. Once armed with their target's details, scammers move to the hook, preying on curiosity, trust and the promise of easy profits. Whether it's a phishing email, a fake account alert or an investment opportunity promising 'guaranteed returns,' the goal is to present something too enticing to ignore. A common example is the fake exchange account scam, in which victims believe they have been given accidental access to a large sum of unclaimed money. The scam begins with an unexpected message stating, 'Your account has been created,' accompanied by login credentials for an account/wallet on a cryptocurrency exchange. The victim logs in and finds a balance of $10,000 waiting for them. Delight is replaced by greed as they attempt to withdraw the funds. But there's a catch: the system requires a small deposit — perhaps $1,000 — to unlock the full amount. Once the fee is paid, the scam becomes clear: the exchange was fake, and the deposit is now in the hands of scammers. This scam works because it preys on greed and the allure of a 'lucky break.' Victims become so focused on the reward that they ignore the warning signs, such as bad grammar in the message or lack of domain security on the website. The setup — establishing trust and gaining access After successfully hooking a victim's attention, scammers focus on building trust. This phase involves cultivating a sense of legitimacy and familiarity with scammersgoing to great lengths to establish a personal connection. Scammers may even employ tactics like investment scams, where they spend weeks or months grooming their victims, engaging them in friendly conversations and feigned relationships to create a strong bond. Only once this trust is deeply established do they introduce the fraudulent investment or fake platform, luring victims to transfer funds that they will never see again. The SIM swap attack is another devastating example whereby scammers exploit technological trust. By gathering personal information that is available publicly on social media, such as birthdays, pet names or even favorite sports teams, the fraudster can impersonate the victim. They then contact the target's mobile service provider, armed with these personal details, and request a phone number transfer to a SIM card in their possession. With control over the victim's phone number, they can bypass two-factor authentication and gain access to crypto wallets, bank accounts and emails. The setup phase succeeds because scammers exploit both technological trust and personal familiarity. Humans are, by nature, social creatures, and scammers exploit this characteristic by building relationships that appear genuine. In the SIM swap, scammers manipulate trust in technology, using the victim's digital security habits against them. The execution — draining funds through hidden mechanisms Once access is gained, scammers move to the execution phase, where they drain funds using hidden mechanisms. This is the most devastating stage, as the carefully designed setup ends in significant financial losses for the victim before they've even realized something is wrong. For example, in 2018, a victim boarded a short flight, unaware that scammers had executed a SIM swap while he was offline. By the time the plane landed, funds had been siphoned from his crypto wallet. With control over his phone number, the scammers were able to bypass two-factor authentication (2FA) and gain access to everything. Another good example is the poison wallet tactic which targets large over-the-counter (OTC) platforms. Scammers trick targets into sending small amounts of funds to fraudulent addresses. They do this by creating wallet addresses that look very similar to the initial and final characters of the victim's legitimate address. They then send a small transaction to the victim, hoping the fake address will show up in the user's transaction history. When the victim next makes a transaction, they may unwittingly select the fake address from their history. In this tactic, scammers take advantage of automation and human error. Bots monitor wallet balances, triggering automatic withdrawals when a balance crosses a certain threshold. Meanwhile, the use of familiar-looking addresses plays on the victim's carelessness and trust in their own records. The stolen amounts might be small per transaction, but cumulatively, they siphon off thousands daily, all going virtually unnoticed.

Arabian Post

3 hours ago

• Arabian Post

WhatsApp charts ad and creator‑subscription course

WhatsApp is rolling out a trio of monetisation tools within its Updates tab, signalling a significant shift in strategy while keeping its core service intact. Businesses and creator‑led Channels can now access new advertising options, subscribers can unlock exclusive content, and adverts will begin appearing in status updates – all isolated from personal chats. Approximately 1.5 billion users engage with the Updates feed daily, where ephemeral Status posts and one‑way Channels feature prominently. Meta, the parent company, is instituting three monetisation pillars: paid subscriptions to Channels, promoted placement for selected Channels, and targeted ads in Status postings. Paid Channel subscriptions enable creators and organisations to offer exclusive content to subscribed users. Channel owners can set monthly fees, receiving payment directly; Meta has confirmed it will forgo revenue share this year. Users continue to access non‑premium Channels at no cost, preserving inclusivity. ADVERTISEMENT Promoted Channels afford businesses and creators the ability to gain visibility within the Channels directory. These paid promotions echo Facebook and Instagram's ad features, enabling targeted outreach to engaged audiences on WhatsApp. Advertising in Status posts marks WhatsApp's first foray into native ad content. Businesses will now have the opportunity to insert sponsored Status updates visible alongside friends and family updates, with direct messaging links for user engagement. Meta assures these monetisation measures will not breach WhatsApp's end‑to‑end encryption on personal chats, calls, and Status. The Updates feed is portrayed as a separate, user‑opt‑in zone that won't affect the private messaging interface. Ad targeting will be based on broad demographic signals—such as language, city, activity within Updates, and cross‑app preferences if linked via Meta's Accounts Center—excluding personal message content. Meta highlights ongoing user trust as a cornerstone, emphasising that phone numbers will not be shared with advertisers and ad delivery does not draw from personal or group conversations. This assurance follows backlash in 2021 concerning alleged T&Cs changes, underscoring the fragility of confidence in WhatsApp's promises. Meta's move is clearly motivated by financial incentives. With ad revenue soar­ing—for instance, Meta reported US $160.6 billion in ad income in 2024—and WhatsApp yet to be fully monetised, the company plans to leverage its massive user base without compromising privacy guarantees. This transformation mirrors WhatsApp's evolution in Asia, where apps like WeChat serve as multifunctional ecosystems encompassing commerce, messaging, and media. Meta's vision is to expand WhatsApp's utility by integrating business and creator economy tools in non‑intrusive areas. Despite assurances, the roll‑out has sparked debate over potential shifts in user experience. Some long‑time users perceive this as a betrayal by an app founded on a minimalist, privacy‑first ethos – 'No ads! No games! No gimmicks!' as WhatsApp's founders once promised. Timid but discernible resistance emerged on social media platforms like Reddit, with a fraction of users threatening migration to platforms like Signal or Telegram. Meta is mitigating these concerns through phased deployment, global scheduling over coming months, and strict differentiation between private and monetised environments. Advertisers and business leaders, however, are optimistic: the Updates tab presents a potent venue for visibility, especially for small businesses traditionally underrepresented in mainstream ad environments. WhatsApp's approach marks its boldest commercial pivot yet, with strategic calculus focused on preserving encryption while introducing revenue‑generating mechanisms. The company's ability to maintain trust, eye potential regulatory scrutiny, and adapt to user response will determine whether this evolution strengthens WhatsApp's role as both a private messaging app and a platform for business and entertainment.

Tahawul Tech

21 hours ago

• Tahawul Tech

Cybercriminals gain access as 16 billion credentials exposed in historic data breach

The threat landscape continues to evolve, and the message from cybersecurity experts is clear: digital vigilance and routine cyber hygiene are now non-negotiable. The global cybersecurity community is sounding the alarm following what Cybernews has dubbed the largest data breach in history, revealing a staggering 16 billion login credentials scattered across 30 different databases. While some records are believed to overlap, researchers emphasise that much of the data stems from recent infostealer malware attacks, not just recycled incidents from the past. This latest revelation significantly raises the stakes in the ongoing battle against credential theft. Commenting on the report, Alexandra Fedosimova, Digital Footprint Analyst at Kaspersky, explains: '16 billion records is a figure nearly double the Earth's population, and it's hard to believe such a vast amount of information could be exposed. This 'leak' refers to a compilation of 30 user data breaches from various sources. These data sets ('logs') are primarily obtained by cybercriminals through infostealers — malicious applications that steal information — and such incidents occur daily. Cybernews researchers collected this data over six months from the start of the year. Their dataset likely contains duplicates due to the persistent issue of password reuse among users. Therefore, although it was noted that none of the databases they found had been previously reported, this doesn't mean these credentials hadn't previously leaked from other services or been collected by other infostealers.' Kaspersky telemetry further supports the scale of the threat, reporting a 21% global increase in password stealer detections from 2023 to 2024. Infostealer malware has emerged as one of the most pervasive cyber threats, compromising millions of devices and extracting credentials, cookies, and sensitive data — all of which are then aggregated and circulated on the dark web. Dmitry Galov, Head of Kaspersky's Global Research and Analysis Team (GReAT) for Russia and CIS, added: 'Cybernews research speaks of an aggregation of several data leaks over a long period – since the start of the year. This is a reflection of a thriving cybercrime economy that has industrialised credential theft. 'Credentials are harvested, enriched, and resold — often multiple times — via combo lists that are constantly updated and even made available on public platforms.' 'What's notable here is that the datasets were reportedly temporarily exposed via unsecured channels, making them accessible to anyone who stumbled upon them.' Anna Larkina, Web Content Analysis Expert at Kaspersky, advises users to take urgent action and said, 'This news is a good reminder to focus on digital hygiene. Regularly update your passwords, enable two-factor authentication, and use a reliable password manager, such as Kaspersky Password Manager, to store your credentials securely. If you suspect your accounts may have been compromised, contact support services immediately to regain access and limit further damage. Users should also stay alert to social engineering scams that exploit leaked data.' Adding to the expert views, Peter Mackenzie, Director of Incident Response and Readiness at Sophos, said, 'While you'd be right to be startled at the huge volume of data exposed in this leak, it's important to note there is no new threat here — this data will most likely already have been in circulation. These datasets are amalgamated from multiple breaches. What this tells us is the sheer depth of information now available to cybercriminals. It's a powerful reminder to everyone to take proactive steps — update passwords, use a password manager, and implement multifactor authentication. If concerned, check your email at to see if your data has been compromised.'