WhatsApp accounts can be hacked too…

We have shared lots of information in the past about the risks of your IT systems being hacked, but there has also been a recent spate of hacks to WhatsApp accounts.

If a hacker succeeds in getting in to your account, they will have access to all historic messages. For some people, those messages may contain personal information including such things as bank account details.

How does a hacker get in?

Unlike other applications that have passwords, WhatsApp accounts are tied to a phone number. At the point of sign-up, you have to verify your number, usually via a code sent to the mobile. This code is what the hacker would need. They may attempt to get this by:

  • Calling you and trying to convince you to disclose the number for your own security.
  • Having already hacked the account of someone you’re connected to, and sending you a message from that person’s account, asking you to send back a code they have just sent you.
  • Installing malware on your phone through a malicious link that you have clicked on. Sometime this takes the form of a link to a fake WhatsApp page and asks you to click on a QR code. Once in your account, they often send messages to your contacts, asking them to send a payment to a bank account.

If your WhatsApp account has been hacked, in most cases you’re likely to become aware initially by being locked out of your WhatsApp and you may have a notification that your WhatsApp account has been registered on a new device. You will also probably receive messages from your contacts on other platforms to find out if the WhatsApp they have received from you is genuine.

What should I do if my account has been hacked?

  1. If you are still able to access your account (and sometimes the hacker will have prevented you from doing so), then using the App on your phone, attempt to login using your phone number and get a verification code via SMS (text message). Once you enter this code, the hacker will automatically be logged out of your account, as WhatsApp only allows one phone number per account at a time.
  2. If you can’t access your account, contact your mobile provider and arrange a SIM swap. Then set up your WhatsApp account again as a new account. Once your phone number has been entered and you have verified this with a new code that you receive, the hacker will be logged out.
  3. If you suspect that someone could be using your account on WhatsApp web or the desktop app rather than a phone, you can check by going to Settings > Linked Devices. Any linked devices will be listed. You can remove them by selecting the device and tapping Log Out.

Software updates can help prevent security breaches because updates often include patches that protect against newly discovered vulnerabilities. WhatsApp is no exception, so if you receive a notification that an update is available, install it as soon as possible.