WhatsApp's new username feature, launched to bolster user privacy by replacing phone numbers in searches, faces immediate scrutiny over impersonation risks. Meta introduced usernames to let users discover contacts without exposing their phone numbers, a privacy-first move. However, security researchers and platform critics argue the feature lacks sufficient safeguards against bad actors claiming fake identities.

The core issue centers on username availability and verification. Unlike Twitter or Instagram, WhatsApp's username system reportedly does not require email verification or other identity confirmation before activation. This creates a playground for impersonators targeting high-profile figures, brands, and ordinary users. Attackers can register usernames mimicking celebrities, executives, or trusted organizations, then contact victims through what appears to be legitimate accounts.

Meta's response emphasizes trust indicators already built into WhatsApp. The platform shows when accounts are new, displays "contact info" to verify legitimate connections, and relies on its existing contact-based trust model. The company argues this foundation makes mass impersonation difficult, since most users still rely on existing contacts for discovery.

Critics push back. They note that casual users often add new contacts based on usernames alone, especially in group settings or public communities. A verified badge system, similar to other platforms, would cost Meta little to implement but would dramatically reduce impersonation surface area. Without it, WhatsApp risks becoming a vector for scams targeting users who assume usernames equal authenticity.

The feature launches as WhatsApp competes with Telegram and Signal for privacy-conscious users. Both rivals offer username systems with stronger verification layers. WhatsApp's move improves privacy against network analysts tracking phone numbers, but trades that gain for new attack vectors.

Meta has not announced plans for username verification or official badges. The company's confidence in existing trust signals suggests it will monitor abuse reports before expanding safeguards. Early adoption patterns will reveal whether users understand the