WhatsApp user reports accidental account takeover after phone number swap

Share post:

WhatsApp users have been warned that a stranger may be receiving their private WhatsApp messages and may also be able to send messages to all of their contacts if they change their phone number but do not delete the WhatsApp account associated with it.

The security flaw is caused by wireless carriers’ practice of recycling former customers’ phone numbers and distributing them to new customers. WhatsApp admits that this can happen, but it is extremely rare.

It happened to a user’s son, who had long-term access to that person’s private messages as well as group messages, both personal and work-related, according to the user.

The son, a WhatsApp user in Switzerland with a Swiss phone number, relocated to Paris for work and obtained a new French phone number and SIM card. He was still using WhatsApp, which continued to send and receive messages as usual, oblivious to the phone number change. He later changed his phone number on WhatsApp.

His phone was immediately flooded with all of the groups from a stranger, and he began receiving all new messages intended for that person, whether individual or in groups. His profile photo was also replaced with the other person’s.

The incident was reported to WhatsApp and parent company Meta, and it was determined to be a recycled phone number issue rather than a WhatsApp-specific bug. Although Meta acknowledged that “this is a concern,” she stated that it did not qualify as a bug for the bug bounty program.

The sources for this piece include an article in TheRegister.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways