Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Hackers locked my dad out of WhatsApp – need advice
13 points by uj8efdkjfdshf on Dec 20, 2020 | hide | past | favorite | 8 comments
So about 5 hours ago someone managed to transfer my dad's WhatsApp account to another phone. We're currently locked out of phone and SMS verification because this has been requested too many times. I know this is a bit of a long shot, but does anyone know who I could contact to find out what is going on? I'm really worried that they might be trying to collect PII on him to mount a social engineering attack in the future.



I emailed whatsapp about this a while back and they said it was a non-issue.

How this happens:

1. Hacker adds phone number to their own whatsapp. They do this to thousands/tens of thousands of phone numbers.

2. All of those phone numbers receive an SMS with the OTP to activate whatsapp. In that OTP, there's also a link that will activate whatsapp if you click it. "Enter code XXXXXX or click this link to activate whatsapp on your new phone"

3. Someone, somewhere eventually clicks that link.

4. Hackers take whatsapp account. Add two-factor authentication to it so that you can't take it back by reauthenticating normally.

5. Extortion.

People usually get it back by contacting whatsapp.


Please reach out to the product security team at Facebook.


Is his sim card working, or have they done a sim swap attack?


I'm leaning towards no at the moment - mainly because the hackers appear to be based in a different country, and because they appear to be brute forcing the WhatsApp verification code API. Also, his phone could still do outgoing calls when he tried it earlier.

He said that he got a ton of SMS verification messages from WhatsApp and random phone calls from Argentina, Mexico and the US over the past few days that he was ignoring - not sure how they managed to bypass rate limiting on that.


[flagged]


It's amazing how often you see this response. It shows how socially disconnected some people are.


No this just shows how dependant people are on a single platform. Remember Facebook? Yeah enought said.


This don't use x advice is not practical.

People use WhatsApp because other people do. Not because it's the best thing out there.


Exactly, WhatsApp is not the only softare in whole wide world.

Btw, thanks for downvotes WhatsApp staff. This just shows that I was right :)




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: