
This week, WhatsApp commenced the rollout of username reservations in advance of a broader launch scheduled for later this year. The feature — which enables users to discover and message one another via handle instead of phone number — is already sparking concerns regarding impersonation, prompting examination from security experts and regulators in India, the app’s largest market with over 500 million users.
The rollout signifies a transformation in how users identify one another on WhatsApp. Rather than depending on phone numbers as the main identifier, users will increasingly interact through platform-managed usernames, a change that Meta claims enhances privacy, though critics suggest it could present new chances for impersonation.
In preliminary testing, TechCrunch discovered that usernames resembling notable politicians, celebrities, business leaders, and public institutions — such as “indiamodi,” “shahrukh.actor,” “teamamitabh,” “ambanijio,” and “rbi_verify” — were still available for reservation. These refer to Indian Prime Minister Narendra Modi, Bollywood stars Shah Rukh Khan and Amitabh Bachchan, billionaire Mukesh Ambani’s telecom firm Jio, and the Reserve Bank of India, respectively. Separately, Binance founder Changpeng Zhao stated on X that he was unable to reserve “cz_binance,” the handle he already utilizes on that platform.
When inquired about its measures to combat impersonation, Meta informed TechCrunch that it reserves usernames for public figures, governmental entities, and “some variations” of those names so only the rightful owner can claim them. However, the company did not clarify how it determines which similar usernames get reserved proactively and which do not.
The concerns have already been raised with regulators in India, where cyber fraud schemes often exploit messaging platforms to impersonate police, banks, and government officials.
In a notice sent to WhatsApp on Wednesday and reviewed by TechCrunch, the Ministry of Electronics and Information Technology (MeitY) cautioned that the feature could “materially increase the occurrence of online fraud, phishing, digital arrest scams, and impersonation attacks” by allowing malicious actors to reach out to users without revealing their phone numbers.
The ministry also indicated that usernames could facilitate the impersonation of “individuals, public authorities, financial institutions, and government agencies” by allowing usernames that closely resemble those of legitimate individuals or organizations. It instructed WhatsApp to justify why regulatory action should not be taken under India’s IT laws and requested the company to pause the feature’s rollout until discussions were completed.
A senior government official separately informed TechCrunch that the Indian IT ministry is aware of the issue and is engaging in conversations with WhatsApp regarding the feature.
This intervention has already faced backlash from New Delhi-based digital rights organization Internet Freedom Foundation (IFF), which stated that the notice lacked a clear legal foundation and risked granting the executive excessive powers to dictate product design. (It’s a situation that operators developing in regulated environments are well acquainted with: Rules established on a case-by-case basis via letters are more difficult to navigate than openly formulated regulations.)
“Impersonation and fraud are genuine threats, but these should be addressed by enforcing criminal laws against those who commit such acts,” the group remarked in a statement. “They should not be handled by MeitY deciding, behind closed doors and through letters, what features may be accessible to Indians.”
This discussion mirrors a similar remark made by the Delhi High Court in a Telegram-related case, where the court indicated that using usernames instead of phone numbers could make it simpler to conceal user identity and disseminate illicit content more swiftly. While this case was not related to WhatsApp, the parallel has re-emerged in public discourse as WhatsApp prepares for its own launch.
Privacy, trust, and platform power
Rachel Tobac, CEO of SocialProof Security, described usernames as a net privacy improvement due to their ability to lessen the necessity of sharing phone numbers, which can expose users to SIM-swap attacks, phishing, and account takeovers. However, she pointed out that similar usernames still open doors for impersonation.
“In the end, usernames are a fantastic concept to avoid revealing your phone number to unknown individuals, but it’s crucial to verify identity through the username function as well,” Tobac stated to TechCrunch.
Her recommendation for most users: Select a username that isn’t easily predictable, making it more challenging for attackers to identify you, message you unsolicited, or subject you to harassment and spam.
Even WhatsApp recognizes that usernames will not be universally applicable. In an FAQ posted on X on Wednesday, the company noted that most users should opt for a username unique to WhatsApp. However, it also allows users to claim their existing Instagram or Facebook usernames by linking their accounts, noting that this option aims to assist creators, businesses, and organizations in maintaining a consistent identity across Meta’s platforms while mitigating impersonation.
The Mozilla Foundation remarked that the introduction of usernames will likely bring new trade-offs. “Increased scams and impersonation from fraudulent handles are potentially significant,” it told TechCrunch. “Verifying a phone number can serve as a valuable identification tool, but these risks are also reinforced by the platform’s core design choices.”
Mozilla also highlighted a broader interoperability issue — one worth noting if you’re building on or competing within Meta’s ecosystem. While allowing users to claim their existing Facebook and Instagram usernames may reduce impersonation, it also demonstrates how effortlessly Meta can integrate identity across its own applications, even when users still cannot transfer that identity, or their contacts, to a competing platform.
For the time being, WhatsApp asserts it is adopting a measured approach to the rollout. “We’re taking our time and listening to feedback so that when it launches later this year, we do it correctly,” the company said in its FAQ.
When you make purchases through links in our articles, we may receive a small commission. This does not influence our editorial independence.

