WhatsApp vulnerabiity lets “hackers” get your account suspended

While WhatsApp may still be arguably the most popular messaging service in the world, it’s also not the most secure. Yes, it does have end-to-end encryption so your messages can only be seen by you and the recipient, but the architecture of the app itself leaves it open to some vulnerabilities which nefarious elements can take advantage of. One hole that can be exploited now is that anyone who knows your WhatsApp number can get it suspended without you knowing it.

Forbes has a detailed article on how someone can go about getting your account suspended just by having your number. Here’s the gist and the two steps that are needed to exploit this flaw. The attacker will attempt to install WhatsApp on a new device and will use your number to activate it. But since the activation code will be sent to your number, they will not be able to activate it. You will of course ignore it since you know you didn’t request for activation. They will try this multiple times until your login will be locked for 12 hours.

The second part of this attack is that they will send a support message to WhatsApp claiming that the phone (your phone) was stolen and to request that the account be deactivated. WhatsApp will then reply to the attacker’s email and confirm that the account will be deactivated. You who actually owns the account and the number will then be caught unawares that it has been suspended and after this happens several times, your account will be in a semi-permanent lock until you get it sorted out.

Sorting it out will take a lot of effort and time of course so this is quite the hassle. The good news is that whoever got your account suspended will not get any of your information or data. In fact, they don’t get anything out of it other than block access to your account and cause you a lot of grief. When pressed for comment, WhatsApp did not say if they’re working on plugging this hole. They did advise for users to provide an email address for two-factor authentication to reduce these kinds of incidents.

On top of the recent privacy issues that WhatsApp has been facing, this is not a good look on the Facebook-owned messaging app. Let’s wait and see if they react or do something once more people complain about this flaw.