A serious security breach has been identified in WhatsApp that could be exploited by intruders to block your account. The only information an attacker needs is your phone number.
First, the hacker installs WhatsApp on a new phone using your phone number to activate the service. Next, WhatsApp tries to verify that it is really you by sending a confirmation code. However, the attacker asks for the code again and again, which leads to the account being blocked for 12 hours.
In the next step, the attacker sends an email to WhatsApp, claiming that his phone (which is actually your phone) was stolen or lost and asks to block the WhatsApp account associated with that number.
After this request, WhatsApp sends an email confirming that the account has been suspended, without asking the attacker for any information that can prove that the request to suspend the account came from the legitimate owner of the specified account.
A pair of security researchers named Luis Marquez Carpintero and Ernesto Canales Perena conducted an experiment that proved that this attack can block you from accessing your account messenger. At the same time, your messages will remain confidential.
“This is another disturbing way of hacking that could affect millions of users. Many people rely on WhatsApp as their primary communication tool. It’s scary how easily this can happen.” – Jake Moore from ESET.
Messenger has not yet revealed how it is going to close this security hole.