WhatsApp user reports accidental account takeover after phone number swap

Share post:

WhatsApp users have been warned that a stranger may be receiving their private WhatsApp messages and may also be able to send messages to all of their contacts if they change their phone number but do not delete the WhatsApp account associated with it.

The security flaw is caused by wireless carriers’ practice of recycling former customers’ phone numbers and distributing them to new customers. WhatsApp admits that this can happen, but it is extremely rare.

It happened to a user’s son, who had long-term access to that person’s private messages as well as group messages, both personal and work-related, according to the user.

The son, a WhatsApp user in Switzerland with a Swiss phone number, relocated to Paris for work and obtained a new French phone number and SIM card. He was still using WhatsApp, which continued to send and receive messages as usual, oblivious to the phone number change. He later changed his phone number on WhatsApp.

His phone was immediately flooded with all of the groups from a stranger, and he began receiving all new messages intended for that person, whether individual or in groups. His profile photo was also replaced with the other person’s.

The incident was reported to WhatsApp and parent company Meta, and it was determined to be a recycled phone number issue rather than a WhatsApp-specific bug. Although Meta acknowledged that “this is a concern,” she stated that it did not qualify as a bug for the bug bounty program.

The sources for this piece include an article in TheRegister.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 24, 2024 – A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more

A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more. Welcome to Cyber Security...

Canada centralizing cybersecurity efforts of federal IT departments

Federal departments and agencies are making only marginal progress in improving their cyber maturity, Ottawa said Wednesday as...

Cyber Security Today, May 22, 2024 – LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more

LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more. Welcome to Cyber Security...

Google criticizes Microsoft’s security practices in new report

Google has publicly criticized Microsoft for a series of security missteps, suggesting that organizations might consider more secure...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways