Everything Under the Sun

My WhatsApp was hacked

Nothing related to HengBoi, but I just thought I should share this to create awareness. Never would I have thought that WhatsApp can be hacked, tsk. I have heard of Facebook, bank accounts etc. but not WhatsApp.

How did it happen?

My WhatsApp account was recently hacked.

I had received a WhatsApp message from a personal friend requesting that I forward her an SMS One-Time PIN (OTP) that was sent to me via WhatsApp as she was experiencing issues with her phone. To reinforce the illusion of urgency, there were 2 WhatsApp calls placed to me as well. Being preoccupied with other matters, I had forwarded the OTP to my friend without much thought as the message was from somebody I know personally. Immediately after sending the OTP, my WhatsApp account on my phone was locked out and I no longer had access.

Note: When you log in to a recently installed WhatsApp application on a phone, you are required to link the WhatsApp to your mobile number, and verify the login using an OTP sent via SMS or phone call to your mobile number. The OTP is a security feature to prove that you are in possession of the mobile number to be logged in to WhatsApp. In the event that a wrong OTP is entered, the account will be locked for a period of time before you can attempt to enter a verification OTP again; the lockout period is extended with every wrong OTP entered (e.g. from a 10 min lockout period to 60 min to 7 hours with every subsequent wrong OTP entered).

After I had been locked out of my WhatsApp account on my phone, I attempted to re-login to my account by requesting a new OTP; I received new codes via SMS, but was unable to successfully verify my account. This happened over several tries to get new OTPs and verify them in WhatsApp, resulting in my lockout period being extended substantially. I later discovered that the OTPs I had been receiving via SMS had likely been sent through a fraudulent number impersonating WhatsApp, and this had prevented me from regaining control of my account.

While attempting to recover my account, I had informed my contacts through calls, SMS and Facebook that my WhatsApp account had been hacked, and not to reply or provide any information if they received any messages/requests from my WhatsApp account. Unfortunately, some of my friends had also fallen prey to the hacker, and their WhatsApp accounts were hacked as well.

As the OTPs received via SMS did not work, I had also requested OTPs to be sent via phone calls. However, as I was now wary of answering calls from unknown numbers, especially overseas calls, I had not answered several incoming calls, some of which my phone showed to originate from Texas, USA. It was only later that friends shared with me that these calls were actually from WhatsApp to inform me of the OTP. Eventually, I waited out the lockout period and managed to recover my WhatsApp account using the phone call option to receive a new OTP after many hours.

Note: Once I have regained access to my WhatsApp account, the hacker no longer has access and will be locked out from my account. Hence, it is important to attempt to regain control of your WhatsApp account as soon as possible once it has been hacked to minimise the time the hacker has to manipulate your account.

By gaining control of such accounts, hackers could attempt to seek monetary gains by e.g. asking your friends and contacts to send them money by impersonating you, or illegally obtain your data and information for illicit use.

Secure your WhatsApp account to prevent hacking

To prevent your WhatsApp account from being hacked, users can set up the two-step verification feature on the application. This is an optional security feature that, when enabled, will require a six-digit PIN created by the user when there is any attempt to verify the mobile number on WhatsApp. To enable this feature:

  1. Open WhatsApp > Settings > Account > Two-Step verification > Enable;
  2. Enter your chosen six-digit PIN and email address (optional, but the email address will allow WhatsApp to send you a link via email to disable two-step verification if you forget your PIN).

It is important to remember that you should never provide your personal information, especially passwords and other confidential information, to others, even if it is meant for someone you may know. Always verify directly with the person via a phone/video call first!
