Technology

Two Things You Should Do To Avoid The WhatsApp Account Hack

Image of whatsapp logo On The Back Of Camera/Shutterstock
By Quentyn Kennemer/

Hackers are constantly coming up with creative ways to gain access to your personal information, and it can be easy for them do that if proper precautions aren't in place. As wonderful as WhatsApp is for freely communicating with loved ones around the world, it's one of the most commonly targeted platforms due to its widespread use.

One of the newest WhatsApp flaws allows an attacker to take control over your account, even if you don't engage with the prompts that spawn from their attempts. The attacker simply requests a pin code via text message.

Normally, you simply wouldn't share the pin code with anyone, seemingly thwarting this type of elementary phishing method. But according to security researcher Zuk Avraham on Twitter, there's still a way a hacker can attain the pin number in question, even if you never interact with them. It's worth catching up on the details below, as he also explains how to combat this.

This WhatsApp account hack uses your voicemail against you

Image of voicemail icon on phone Tada Images/Shutterstock

According to Zuk, the hacker can select an option stating that their pin code never arrived, which would then prompt WhatsApp to call you to relay the code instead. The problem arises if you allow the call to go to voicemail, as the app's automated system will share that information there.

The attacker would then attempt to get into your voicemail system using its default pin code, which might be the last four digits of your phone number, depending on your carrier. If you didn't set up two-factor authorization, they would then do so in an attempt to keep you locked out, at least until you can work through the breach with WhatsApp directly (a process that isn't always immediate).

It's an approach that's so deceptively simple that many of us wouldn't second guess reinforcing against it, especially considering the growing legion of those who have banished the use of voicemail from their lives in favor of texting and social media. Thankfully, there are some easy precautions against this sort of attack, and we'll walk you through them.

How to protect your WhatsApp account using two-step verification

Someone using a laptop and phone KT Stock photos/Shutterstock

For this specific attack, it may be time to change your voicemail's default pin number. You can usually do this by calling your voicemail and doing it via an automated system, by calling your carrier, or by signing into your cellular account at the carrier's website.

The best protection, however, is two-step verification, which would require an attacker to retrieve yet another authentication method that goes to a different destination altogether — your email, in this case. Here's how you set it up on WhatsApp:

  1. Open WhatsApp on your phone and tap the "Settings" tab on the bottom.

  2. Tap "Account."

  3. Tap "Two-Step Verification."

  4. Tap "Turn on."

  5. Enter a 6-digit pin code that you can remember, and confirm it by entering it again.

  6. Enter the email address you want authorization requests sent to, then tap "Next."

  7. Confirm the email address on the next page, then tap "Done."

That's it. You can go back through these menus to change either your pin code or your email address at any time, and sleep easy knowing that you have several layers in place to protect your WhatsApp account.

Recommended