German researchers have discovered a bug in the WhatsApp communication app that could let an outsider sneak into a group chat.

At issue is that while only Administrators can allow people to join a group, the WhatsApp sever doesn’t use authentication for invitations. As a result, motivated hackers or WhatsApp staffers could gain access.

Andy Greenberg from Wired reports, “So the server can simply add a new member to a group with no interaction on the part of the administrator, and the phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages.”

In addition, it turns out that once a WhatsApp server has been overtaken, the cyberattacker can not only slip into the conversation, but also manipulate the server to block or tamper with messages.