WhatsApp users, please read this news carefully. Security researchers have found a WhatsApp flaw that lets attackers suspend your account. The flaw was discovered by Luis Marquez Carpintero and Ernesto Canales Perena, and was first reported by Forbes.
To suspend your WhatsApp account, attackers first install WhatsApp on their own device and try to log in with the victim's phone number. Thanks to two-factor authentication, which keeps sending SMS codes or calls to the victim's phone number, the attackers are not able to log in, BGR India reported.
WhatsApp sends only a limited number of codes, and after several repeated failed attempts the login is locked for 12 hours. This means neither the victim nor the attacker can log in to that WhatsApp account.
The next part is where it gets interesting. The attacker targeting your WhatsApp account then registers a new email address and sends an email to [email protected] requesting that the number (the victim's phone number) be deactivated, citing a lost or stolen phone as the reason.
“So, to be very clear. WhatsApp has received an email referencing your phone number. They have no way of knowing whether this is really from you. There are no follow-up questions to confirm your ownership of the number. But an automated process has been triggered, without your knowledge, and your account will now be deactivated,” according to the Forbes report.
Meanwhile, a WhatsApp representative told Android Police: "Providing an email address with your two-factor authentication credentials can help avoid this hypothetical scenario."
What you can do
Attackers are mainly interested in hijacking accounts rather than disabling them, and you'll know that something is wrong during that first string of SMS code requests. You should reach out to WhatsApp support immediately if you notice this activity.