The Check Point security firm is reported to have disclosed a flaw within the web version of the Facebook-owned WhatsApp that recently hit the milestone of 900 million active users. As stated in the post on the security firm's blog, 200 million users were vulnerable to a flaw that allowed hackers inject malicious code into vCards.
Basically, a vCard is a file that contains contact details, so whenever a WhatsApp user opened the received file, which looked like an ordinary contact card, malicious code gained access to the computer. Thus, the only information a hacker would require to inject the code was the user's phone number. The report suggests that only desktop PCs were vulnerable to the attack.
Check Point reported the bug to the WhatsApp team on August 21, and on August 27 it was fixed. It is unknown for how long the flaw has been out there, but the fact that the information has been made public just recently may suggest that the issue was more complex than expected. Anyway, opening files of unknown origin is still a bad idea, even if they seem completely harmless. If you wish to learn more about the security flaw, you can see the whole report here.