May 14 (UPI) -- Messaging app WhatsApp said it's fixed a vulnerability in its software that allowed hackers to spy on users' emails and other personal information.
The social company, which is owned by Facebook, on Monday urged its 1.5 billion users worldwide to update the app on their devices. WhatsApp said the attack affected a "select number" of users through "an advanced cyber actor."
The company said the vulnerability allowed hackers to make a voice call with WhatsApp and remotely install the spyware, even if no one answered the call.
The Financial Times reported Israeli security firm NSO Group developed the attack and sold spyware, which can control smartphones, their cameras and effectively turn them into surveillance devices.
"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems," the company said Monday.
Ahmed Zidan, of the Committee to Protect Journalists, said reporters, attorneys, activists and human rights defenders were the likeliest targets for hackers.
Amnesty International said one user of the spyware targeted a staff member last year in Saudi Arabia -- saying NSO's Pegasus surveillance tool was used to hijack the staffer's smartphone.
"NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics," Danna Ingleton, deputy director of Amnesty Tech, told The Telegraph. "The attack on Amnesty International was the final straw."
WhatsApp told BBC News it first found the flaw earlier this month and warned human rights groups, some of its security vendors and the U.S. Department of Justice.