Urgent: Personal data leaked to another user’s device (No shared account/iCloud)
I am seeking advice or similar experiences regarding a critical data privacy breach I just experienced.
My group memberships, and personal data appeared on a family member's phone. To be absolutely clear:
- We use completely separate devices, phone numbers, and Apple IDs.
- The family member’s device was purchased today and has no connection to my account history.
- I have never linked my account to their device (QR code).
- My primary device was logged out, and I received a notification that my number was registered elsewhere.
Despite this, when they opened their own WhatsApp (registered to their own number), they saw my personal profile, my group chats, and my recent activity—all while their own profile picture remained visible in the "You" tab.
This indicates a massive server-side data synchronization error where my account data was mistakenly merged into their app instance. I have already confirmed this with screenshots showing the mismatch between the account identity and the chat data.
Has anyone here ever encountered a "cross-account" data leak like this? Does anyone have advice on how to force a platform-level investigation by Meta beyond the standard automated support replies? I am not looking for standard "check your linked devices" advice; this was a fundamental failure of server-side identity verification.
Any technical insights on how to hold the platform accountable for this specific type of breach would be appreciated.