About 4 days ago, both I and a member of my family were hacked at different times through a vulnerability in WhatsApp. We were suddenly logged out of our accounts, and after investigating, we realized we had been targeted.
The hacker used a clever trick to keep us locked out for as long as possible. He kept requesting verification codes repeatedly, so whenever I tried to log back in, I was told to wait 5 or even 12 hours before I could request a new code.
Thankfully, my account was protected by two-step verification (2FA), so even when the hacker got in, he couldn’t do anything. But my family member didn’t have 2FA enabled, and the hacker managed to access the account, mess around, and even started messaging people.
What I noticed during the attack:
-
You get automatically logged out of your account.
-
The hacker seems to exploit a flaw in WhatsApp Business. When I asked a friend to check my account while it was hacked, he told me it had turned into a business account same thing happened to my family member.
As soon as I recovered my account, I messaged everyone I know and begged them to activate 2FA immediately. This vulnerability is serious, and anyone could be next.
Today, I finally found a video explaining this exact issue.
And now… I’ve made my decision. I’m done with WhatsApp. I’ve delayed this choice for too long, but after what happened, enough is enough.
Goodbye WhatsApp. Goodbye Meta. I don’t need you anymore.