WhatsApp security issue lets someone else take over your account — what to know

WhatsApp logo on iPhone
(Image credit: Shutterstock)

Unlike with Facebook Messenger or many other chat apps, your WhatsApp account is tied to your phone number—and this can be a huge problem if you get a new number.

There are only a finite number of phone numbers available, which is why when one goes out of service Verizon, AT&T, T-Mobile and other telecoms reuse them. If you don’t take the proper steps before switching your phone number, someone else could take over your account.

As reported by Gizmodo, if someone else gets your old phone number and you haven’t switched your number in WhatsApp, they could accidentally end up taking over your account when they log into the service. This happens because your account is still tied to the phone number.

With your WhatsApp account in hand, this person will receive all of your incoming messages and they can even participate in group chats since to everyone else, it will appear to be you and not an imposter. If this person has malicious intentions, they could commit fraud or even try to steal your identity using the service.

An old security issue that still hasn’t been fixed

Unfortunately, WhatsApp has known about this issue for years now and neither it nor its parent company Meta have come up with a way to stop it from happening.

Back in 2020 Vice cybersecurity reporter Joseph Cox accidentally hijacked someone’s WhatsApp and detailed his own experience dealing with the issue. Now the issue has come to light again after Gizmodo shared a similar story about a user named Eric whose son accidentally did the same thing.

Even after reaching out to WhatsApp through its bug bounty program, Eric was informed by an employee that the company knew about the issue and his ticket was closed. While he thought this was a “one-in-a-million glitch”, Eric then went on to recreate the problem in only a few minutes using two prepaid SIM cards.

While this news may have you turning to the best WhatsApp alternatives instead, there are some proactive actions you can take to secure your WhatsApp account and prevent it from being taken over by another user.

How to protect your WhatsApp account from being taken over

Best antivirus software

(Image credit: Shutterstock)

Besides making sure you update your number in WhatsApp every time you get a new phone number, there’s another important step you can take to protect your account.

While two-factor authentication (2FA) using your existing phone number won’t solve this problem, you can set up two-step verification to further secure your account. To do so, simply head to WhatsApp’s Settings menu, tap on Account and then select Two-Step verification. From here, you’ll need to enter a six-digit PIN that the service will ask you for periodically.

If you don’t feel comfortable writing your PIN down, you can always use one of the best password managers to securely store it online. This way you’ll be able to access it from any of your devices and you won’t risk having it fall into the wrong hands. Likewise, if you don’t plan on using WhatsApp anymore, you should select the Delete My Account option from the app’s settings menu so that no one else can impersonate you online.

WhatsApp can be a great tool for keeping in touch with people all over the world but if you want even more security, check out some of the other options on our list of the best encrypted messaging apps.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.