This was first reported to Facebook in early November by Twitter user HackrzVijay (in the hope of collecting on their bug bounty), but Facebook's 'security' representative, Kurt claimed that, "The links being accessible by anyone was an intentional product decision. Group admins can invalidate the link if so desired. The Surprise here was that they're indexed by Google. However, we cannot completely control what all search engines, Google, and others, index." This was Kurt's response in full:
Has Kurt never heard of robots.txt or the 'noindex' meta tag? Those are the two normal ways of informing Google that the content should not be added to their search database.
Some background. A WhatsApp invite code is simply a URL that includes a long string of (seemingly) random text that permits anyone you share it with, the ability to join your group. This group might be a private chat amongst friends, a negotiation forum for the next big corporate take-over or even a porn collective. All of these could easily be located with a simple search.
Be aware though, in this instance, Google has done nothing wrong. Not seeing any command to ignore the content, they merrily indexed all of this. It is WhatsApp's, and ultimately Facebook's problem.
Apparently Facebook doesn't think there's anything wrong with this, but then again, they've always struggled to grasp the importance of security and privacy of their users!
Update. It seems that something has been done to suppress the visibility of these invite codes. By instructing Google to limit search results to the past 24 hours, this writer found only news articles that discuss the problem were visible. Extending the limit to the past week DOES result in chat groups being displayed.