One of the ways that WhatsApp verifies accounts is through a phone number. Basically, the number you use to verify your account should be the same number you use with your phone. However, according to security research Luis Márquez Carpintero and Ernesto Canales Pereña, it seems that this system is open to abuse that could negatively affect your account.
How does this work? Basically when you setup a new account, you enter your number and WhatsApp will send you a one-time code that you need to enter. However, hackers can repeatedly use this system and request for codes and spam your account until it gets suspended for 12 hours, completely through no fault of your own.
The hackers can then send an email to WhatsApp claiming they lost their smartphone or had it stolen, and then request for the lockout to be extended. While this “hack” does not give attackers access to your account, it could still lock you out of your account which can have a negative impact if you use WhatsApp for work or business purposes.
This is not the first WhatsApp hack we’ve seen and hopefully it’s something that WhatsApp is looking into and fixing for the future. When Forbes reached out, the company downplayed the risk and stated that people who attempt this hack are in violation of their terms of service, although we’re pretty sure that the attackers don’t really care.