WhatsApp Account Takeover: How to Recover and Protect Yourself and Others
We recently helped a family member recover from a WhatsApp account takeover that caused a great deal of stress and confusion. In the hope that it might save others some grief and stress, we are sharing the details of this attack, the steps we took to recover the account, how to minimize the impact on others, and some practical tips to help protect yourself and your loved ones from similar threats.
Table of Contents
What Happened: The Attack
Yesterday, I was victim to a common WhatsApp hack that works because it preys on our busy, distracted moments. The message came early in the morning from a trusted contact, when I was juggling my morning routine. It said: "Hello, I'm sorry, I sent you a 6-digit code by SMS by mistake, can you send it to me? It's urgent." After checking her contact number, I sent the code, assuming it was a simple mistake. I should have double checked the number on the SMS message which was actually the pin from WhatsApp. This allowed the hacker, who had already taken over my friend’s account, to lock me out of my WhatsApp. Once locked out, I couldn’t log back in, and I was told to wait 12 hours due to too many failed login attempts. During that time, the attacker gained access to my account and started receiving my new messages and group chats. However, they couldn’t see any old messages or media—only what came in after the hack.
Recovery Steps
To recover your WhatsApp account after a takeover, follow these steps:
- Wait : I had to wait 12 hours before I could attempt to log back in.
- Re-login : After the 12-hour wait, I entered my phone number to log back in. WhatsApp gave me three options to verify my account: send the verification code to a phone (which would go to the attacker’s device), receive the code via SMS, or get it through a voice call. I chose the SMS option to securely receive the code, and once I entered it, I regained control of my account.
- Important note : If the attacker had enabled two-step verification (2FA) on my account, I would have been locked out for 7 days without the PIN. Fortunately, this wasn’t the case.
- Enable two-step verification : I immediately enabled two-step verification (Settings > Account > Two-Step Verification) to add an extra layer of protection and prevent future hacks.
How to Protect Yourself and Others
Protecting your account and helping others stay safe requires simple precautions:
- Never share verification codes, even if the message seems to come from a trusted contact.
- Enable two-step verification in WhatsApp: (Settings > Account Two-Step Verification).
- Inform your groups: If your account is hacked, tell your groups and request to be temporarily removed until you regain access, so the hacker can't misuse your account.
- Stay alert: If you receive strange messages asking for codes, contact the sender by other means to confirm it's really them.
- Spread the word and stay safe!
What the Attacker Gains
When a hacker takes over your WhatsApp account, they can:
- Receive all new incoming messages, including messages from group chats.
- Pretend to be you and message your contacts, using your trusted status to deceive others.
However, they do not have access to old messages, photos, or media unless they can access your backup account (Google Drive or iCloud).
How It Could Evolve Into a Financial Scam
Once the attacker gains control of your WhatsApp, they can impersonate you and send messages to your contacts, asking for money or personal information. These messages may be urgent, claiming you’re in a financial emergency, and can dupe unsuspecting friends or family members into sending money or revealing sensitive information. Always verify such requests through other means before taking any action.
References
For more information on securing your WhatsApp account and preventing hacks, refer to the following resources: