Wiz says that this occurred as a result of an Azure feature called Shared Access Signature (SAS) tokens, which is “a signed URL that grants access to Azure Storage data.”
The URL gave full access to read and write all data in the Azure Storage. This is so obvious a security hole. This “feature” should never be. If you are going to use signed urls, then implement them so that they expire after 24 hours or something.
Nearly everyone I know from India uses WhatsApp so this statement checks out. I wish my own friends and family would stop using iMessage/SMS and use something like Signal. The only other app they use is Snapchat and I kinda hate that one.