You May Accidentally Hijack Someone’s WhatsApp Account Due to A Mobile Number Reuse

Joseph Cox of Motherboard explained how he accidentally hijacked someone’s WhatsApp account. He was receiving hundreds of messages, including images, videos of children, and YouTube links, from dozens of unknown WhatsApp users and groups. He said that it was due to an issue of how mobile numbers are issued to people. When he signed up for a WhatsApp account with a new mobile number, he started to receive direct messages as well as group messages that were meant for the original owner of that mobile number.

This indicates that people can unexpectedly be cut off from online services their mobile number is linked to. This issue also highlights the privacy and security problems that come with that. Joseph Cox highlighted the importance of using two-step verification for WhatsApp.

Cox bought a pay-as-go SIM card earlier this month as he wanted a fresh mobile number for a specific article. He downloaded WhatsApp and registered an account with the new mobile number. When he signed in to WhatsApp for the first time, he saw that he was immediately in several group chats with other users that were not known to him.

When he checked his ‘status’ in the WhatsApp application, he found that his profile picture was of a blonde woman. This indicates that this account was not really his WhatsApp account, and it belonged to someone else. Joseph Cox continued to receive these messages for more than a week. However, he could not access historical messages from before he signed in to the WhatsApp account.

The Motherboard reported that the root of this issue appears to be mobile number reuse. A carrier may recycle or re-assign a particular mobile number if it has not been used in some time. This can result in people inadvertently possessing mobile numbers that are already used as a piece of 2FA for someone else’s accounts. This re-assigning is beyond the control of WhatsApp.

The WhatsApp messaging service has written on its website that the company monitor account activity to eliminate confusion with reused or recycled mobile numbers. If a person has not used their WhatsApp account for 45 days, and then the account becomes newly activated on a different device, WhatsApp considers this as a sign that a number has been reused or recycled. Then, the company will remove the old WhatsApp account data such as profile picture and About. However, in Joseph Cox’s case, the account seems to be in active use.

A company’s spokesman sent an email to Motherboard stating that WhatsApp takes several steps to prevent the unauthorized usage of any account. WhatsApp offers ways for users to remove or transfer their WhatsApp accounts to a new mobile number. The company encourages users to use two-factor authentications.

To avoid this issue, make sure that your mobile number remains active or your carrier does not reuse or recycle your mobile number. You should also turn on two-step verification for WhatsApp. The 2FA feature will prevent someone from getting hold of the mobile number if it is reused, however, it can at least stop someone from accessing your account.

Photo: NurPhoto via Getty Images

Read next: WhatsApp tests new colors to the dark mode, plans to bringing support for video and voice calls on WhatsApp Web version
Previous Post Next Post