tech news

Your WhatsApp account can be suspended by anyone with your phone number

A loophole in WhatsApp lets someone block your account if they know your number (Getty)

A rather worrying loophole has been uncovered on WhatsApp that means anyone can temporarily suspend your account if they know your number.

Here’s how it works: An attacker installs WhatsApp on a new phone and puts in your number to activate the app.

WhatsApp sends a 6-digit authentication code to your phone – which they don’t have.

The attacker then inputs a wrong code too many times, which blocks the ability to log in for 12 hours.

They then send an email to WhatsApp from their email address and claim that your phone (with the original number) has been lost or stolen.

WhatsApp responds with a ‘verification’ email back to the attacker, which then suspends access to your account. If the process is repeated, the account stays locked away with no input from you.

This doesn’t actually capture your account, so there’s no danger of any confidential information being obtained. But it’s still a major inconvenience to be blocked from your own WhatsApp account.

Someone else locking you out of your WhatsApp account is not ideal, let’s be honest (Getty)

The method was uncovered by a pair of security researchers, Luis Márquez Carpintero and Ernesto Canales Pereñ, and so far it doesn’t seem like there’s any way to stop it.

The best way is to assign an email address alongside a phone number for two-factor authentication (2FA) on your WhatsApp account. This should make it much harder for an attacker to spoof your identity.

Of course, it does rely on WhatsApp not getting tricked by someone emailing the app and pretending to be you. has approached WhatsApp for a comment on this loophole and we will update this article if and when we hear back.

WhatsApp gets the go-ahead for instant payment feature

MORE : WhatsApp to block millions of old iPhones with latest update


Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.  Learn more