Can your WhatsApp be hacked? Here’s why you might be at risk

Ray Fernandez

Aug 1, 2024 · 14 min read

With over 2 billion active users worldwide and strong security features, WhatsApp is the world’s most used mobile messenger.  Users love it because it runs on both iPhone and Android and is fast, simple, and free. But can WhatsApp be hacked in 2024?

Can WhatsApp be hacked? What you need to know

WhatsApp can indeed be hacked, despite its end-to-end encryption. Its encryption, as well as its two-factor authentication, does make it more difficult for hackers, but they will always find ways around it.

The hacks you most need to be on the lookout for are less of the technical kind, and more like social engineering people into handing over verification codes, having your phone number transferred to another SIM card, and enticing you to click on malware-infested links. 

Spyware naturally will always remain a serious threat, but usually only governments and law enforcement have the funds, the time, and the motive to go down that route. Opportunistic hackers, on the other hand, want quick easy results before people wise up to what is happening.

The most common ways to hack WhatsApp in 2024

As of 2024, there are two common trends in WhatsApp hacks. The first involves close relatives, friends, or partners hacking accounts. The second involves cybercriminals targeting users to steal data, launch scams and ransomware, or spread malware.

1. WhatsApp number hack

This is one of the most common techniques for hacking WhatsApp. If a hacker has access to your phone, it becomes incredibly easy for them to hack your WhatsApp account.

The WhatsApp number hack involves a hacker registering your number on the WhatsApp application. They do this by simply downloading the app to their phone, entering your telephone number, and getting the verification code to access the account. As mentioned above, if the attacker has access to your phone, all they have to do is send the request for the verification code and read it from your phone.

If an attacker doesn’t have access to your phone, they can try to trick you into handing over the code. Be wary if you receive a text message with a WhatsApp verification code and one of your WhatsApp contacts immediately contacts you, asking you to share the verification code. If you reply with the verification code, your account will be hacked, as reported by IT Pro.

2. WhatsApp forward call

This method requires some technical knowledge but is still popular because it gives the attacker not only instant control of a WhatsApp account, but also access to all incoming calls the victim may receive. This attack can also shut a user out of their own WhatsApp account in just minutes.

In this type of attack, a message sent to you is what leads to the WhatsApp account being hacked. You will first receive a text message, an email, or a phone call tricking you into calling a phone number that contains a Man Machine Interface (MMI) code. If you fall for the trick and make the call, all your calls will automatically be forwarded to the attacker’s number.

After the attacker has forwarded your calls to their phone, they just need to install WhatsApp, register your number, and ask WhatsApp to send the verification code via a phone call.
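
A defensive check for the trick described above, as an added example that is not part of the original article: it parses a dial string and flags standard GSM call-forwarding MMI requests, so a number received in a message can be vetted before it is dialed. The service codes follow 3GPP TS 22.030; the function names and the sample strings are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Call-forwarding service codes from 3GPP TS 22.030 (standard GSM MMI).
FORWARDING_CODES = {
    "21": "unconditional forwarding (all calls)",
    "67": "forwarding when busy",
    "61": "forwarding when unanswered",
    "62": "forwarding when unreachable",
    "002": "all forwarding types",
    "004": "all conditional forwarding",
}

# MMI request: operation prefix, service code, optional '*'-separated fields, '#'.
MMI_RE = re.compile(r"^(\*\*|\*#|##|\*|#)(\d{2,3})((?:\*[+\d]*)*)#$")

# Only these prefixes switch forwarding on; '#', '##' and '*#' disable, erase or query.
ENABLING = {"*": "activate", "**": "register"}


class Finding(NamedTuple):
    operation: str
    service: str
    target: Optional[str]  # number that calls would be diverted to, if given


def normalize(dial: str) -> str:
    """Strip a tel: scheme, URL-encoded '#'/'*', and visual separators."""
    s = dial.strip()
    if s.lower().startswith("tel:"):
        s = s[4:]
    s = s.replace("%23", "#").replace("%2A", "*").replace("%2a", "*")
    return re.sub(r"[\s\-().]", "", s)


def check_dial_string(dial: str) -> Optional[Finding]:
    """Return a Finding if dialing `dial` would enable call forwarding."""
    m = MMI_RE.match(normalize(dial))
    if not m:
        return None  # ordinary number or not an MMI request
    prefix, code, fields = m.groups()
    if prefix not in ENABLING or code not in FORWARDING_CODES:
        return None
    # fields looks like "*<number>*<extra>..."; element 1 is the forward-to number.
    target = (fields.split("*") + [""])[1] or None
    return Finding(ENABLING[prefix], FORWARDING_CODES[code], target)


if __name__ == "__main__":
    # Constructed samples using fictitious 555-01xx numbers.
    for sample in ["**21*+15550100#", "tel:*67*15550123%23", "##21#", "+1 (555) 010-0199"]:
        print(f"{sample!r:28} -> {check_dial_string(sample)}")
```

Carrier-specific forwarding short codes outside the standard set are not covered by this check.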

3. WhatsApp Web hack

Another popular method of hacking WhatsApp is via its web version. WhatsApp Web allows users to use their account on any web browser. To access and log in to WhatsApp Web, users have to scan a QR code that appears on the web browser service.

Then you should open the WhatsApp app, go to Menu or Settings, and select Linked Devices. This opens the camera to scan the QR code.

You can imagine how easy it is to hack a WhatsApp account with this method if the attacker has access to your phone. But even when they do not have access to your phone, they can still use QR techniques. Hackers can extract the QR code from WhatsApp Web and mount it on another malicious page. If you scan that QR code using WhatsApp — or sometimes even with your phone camera — they can steal your login credentials and use them to hack your account.

4. WhatsApp Spyware

In 2024, the most popular method for hacking WhatsApp is through spyware.

Some commonly used methods are parental spyware like FlexiSpy or mSpy. For example, KidsGuard is one of the best-ranking third-party apps used to hack WhatsApp. With these apps, users can remotely gain access to messages, audio, statuses, photos, videos, and much more. They can also hack several accounts at once and view your entire history.

5. WhatsApp DarkWeb and criminal attacks

DarkWeb malware is another source of WhatsApp hacking. In these types of attacks, hackers often target financial data or the confidential information of businesses or organizations. Today, amateur cyber criminals don’t even need to have technical knowledge. WhatsApp hacking tools and services are sold for cheap on the DarkWeb.

Additionally, cybercriminals release malware and mount attack campaigns when they find vulnerabilities in the app. Advanced cybercriminal malware can also execute a WhatsApp encryption hack. For example, as CheckPoint reports, malware disguised as a Netflix content enabler app named FlixOnline allowed attackers to distribute phishing attacks, spread false information, or steal credentials and data from users’ WhatsApp accounts.

How to know if your WhatsApp has been hacked

Fortunately, there are several ways to determine if someone has hacked your WhatsApp. Most of this advice falls into three categories.

1. Unfamiliar devices logged in to your account

WhatsApp Web makes it easy to tell if someone has accessed your WhatsApp account. All you have to do is open WhatsApp on your phone, and go to Settings > Linked Devices. You will be able to see all the devices remotely accessing your account. Simply click “Log out of all devices” to shut down any remote connection. You can mitigate this risk by putting a secure PIN on your phone, and activating FaceLock on WhatsApp if you have an iPhone. WhatsApp also offers users the ability to put a separate unique PIN on their WhatsApp account.

2. Strange and suspicious activity

If you ever have a gut feeling that your WhatsApp is hacked, don’t ignore it. If you’re getting WhatsApp messages or calls with unsolicited verification codes, it’s likely that someone has hacked your account or is trying to access it.

You might notice strange messages from unknown contacts. Or perhaps your own account is sending messages to unknown contacts (so always check your archived messages on a regular basis). Additionally, once hackers take control of an account, they will go after that account’s contacts. So if you receive suspicious messages from a “friend” asking you about verification codes, you are being targeted in an attack.

On the other hand, if you hear suspicious noises when making calls or sending audio clips, this might be caused by spyware installed on your phone without your knowledge. In that case, immediately wipe your phone and reset it to factory settings. Then run a malware scan with a trusted anti-malware app.

3. Poor phone performance

Malware may be installed on your phone because you downloaded it without noticing or because someone got hold of your phone and installed it.

How your mobile phone performs can be a telltale sign. If you notice that your battery is draining much faster than usual, this could mean that hidden applications are running in the background.

When a cell phone works at total capacity, it will slow down, crash, freeze, and the temperature of your battery will be higher than usual. These are some easy-to-spot telltale signs that something is wrong. Plus, there are ways to determine which apps and processes are running on your mobile phone.

To check if you have been the victim of a WhatsApp iPhone hack, you can check the Running Services Developers option or Background App Refresh.

To check apps running through Background App Refresh:

  1. Go to Settings.
  2. Select General.
  3. Click on Background App Refresh.
  4. You will now see a list of apps running in the background and can switch them off or on.

4. Suspicious media being sent

If someone has control of your WhatsApp account, then they may be sending malware-infected files to your phone contacts. As well as checking suspicious messages, you can also go to Settings > Storage and data > Manage storage. There, you will see the media passing through your WhatsApp account. You can delete media files from this page.

5. Has two-step verification been disabled?

If someone is able to gain physical access to your phone, they can disable two-step verification. This alone is a very good reason to check your WhatsApp settings regularly. Just go to Settings > Account > Two-step verification. This risk can be greatly reduced if you put a PIN on your phone and a PIN on your WhatsApp. And don’t let your phone out of your sight.

6. Do you use WhatsApp Web?

WhatsApp Web is an amazingly convenient way to send WhatsApp messages. Just sit at a laptop and send and receive your messages. That said, WhatsApp Web can also be a security nightmare. It is very easy to forget to log out, and someone else can easily come up to the computer and have complete access to your WhatsApp account. That is why you should always check the Linked Accounts section in Settings. People can use your WhatsApp Web instance to scan their phone and connect it to your WhatsApp account. They can also connect by sending you a QR code disguised inside a link and tricking you into clicking it.

What to do if your WhatsApp account is hacked?

Since there is no password on a WhatsApp account, it is not a simple case of changing your password. Instead, you need to carry out a few other actions.

Make sure you have disconnected all linked devices on your account

The chances are that someone has connected your account to theirs via a WhatsApp Web login. Therefore, the very first step is to disconnect ALL devices from Settings > Linked Devices. Even your own devices. Disconnect them all. No exceptions.

Wipe your phone and run a malware scan

If someone has managed to get physical access to your device, then it is possible that they installed malware. Or you may have been tricked into clicking a malware-infected link. In that case, run a malware scan with a trusted anti-malware app, then wipe and reset your phone. Then run a malware scan again.

Warn your contacts

Once you have reinstalled WhatsApp, start warning your contacts that your account has been compromised. Tell them not to click any links, send money, or reveal any personal information.

Update your phone’s operating system and all apps

You should be doing this anyway, but check that the phone’s operating system and all apps have been updated to their latest versions.

How do you recover a hacked WhatsApp account?

As there is no password that can be reset by a hacker, “recovering” an account only really amounts to reinstalling WhatsApp and re-registering your phone number. 

  • You can do this by opening a freshly installed WhatsApp and following the on-screen instructions.
  • Then enable two-step verification.
  • Also add a strong PIN to your WhatsApp.
  • Check the “Linked Devices” again to make sure that nothing is there.

Be aware that if a hacker has had time to transfer your account to a new phone number (which can be done via Settings > Account > Change number), then it is impossible to recover your account. WhatsApp will be able to do nothing. So speed is of the essence if you suspect that your WhatsApp has been hacked.

How to report a compromised WhatsApp account?

The only way to directly contact WhatsApp is to email them at [email protected]. However, WhatsApp obviously receives a lot of email at this address, so it could be a while before they reply to you. They also focus on account recovery, and not so much on investigating specific hacking incidents.

Are there any WhatsApp security issues you should know about?

Although WhatsApp encryption is extremely good, there are still some weaknesses in the chain that represent potentially serious threats to your WhatsApp account.

Google Drive and iCloud backups

If you have an Android phone, then you can make a backup of all your contacts and WhatsApp chats to Google Drive. If you have an iPhone, those backups go to your iCloud account. Once that data leaves the WhatsApp ecosystem, it is in the hands of Google’s and Apple’s security protocols and privacy policies.

Metadata is still visible

Even though the WhatsApp chats are end-to-end encrypted, the metadata is not. In many cases, the metadata can be more damaging than the actual chats. Metadata includes who you are talking to, and the date and time of the conversation. Prosecutors have frequently managed to convict and jail criminals on the metadata evidence alone.

Data is likely shared with Facebook

Despite Facebook’s protestations to the contrary, it is extremely likely that they have a backdoor into WhatsApp’s encryption. After all, they own WhatsApp so they likely view user data as their property to do with as they please. This then exposes you to targeted advertising and possibly having your data handed to law enforcement at their request.

How to make your WhatsApp more secure

A few simple steps can do the trick to keep your WhatsApp and your phone safe.

1. Enable 2FA

Two-factor authentication (2FA) is a must when it comes to WhatsApp security. To enable 2FA, open the WhatsApp app on your iPhone or Android device. Navigate to Settings > Account > Two-Step Verification, and tap Enable.

2. Lock your screen

Many attacks today occur when a hacker physically grabs someone’s phone and steals information or installs malware. To avoid this, always enable a good screen lock security method. Whether using Face ID, fingerprint, or a strong PIN code, never leave your phone unlocked and unattended.

3. Enable Touch ID or Face ID

Just like you can lock your main mobile screen, you can also lock your WhatsApp by enabling Face ID or Touch ID. To enable this security feature on your iPhone, open WhatsApp and go to Settings > Account > Privacy > Screen Lock. Here, toggle on the Require Face ID or Require Touch ID options.

4. Watch out for scams and phishing

Hackers are constantly evolving to bypass security measures. However, they will always require some interaction on the part of their victims. Be cautious about emails, voice calls, WhatsApp messages, or SMS. And never download attachments from, click on links from, or give away information to unknown sources.

5. Change your privacy settings

WhatsApp allows you to control who can view your information. Fortunately, you can hide your Profile photo, About, Status, and Last Seen data. The app gives you the choice to customize the information you want to be shared with everyone or with your contacts. This feature can prevent strangers from accessing your information. To change your privacy settings, go to Settings > Account > Privacy. 

The WhatsApp help center recommends that users block and report any contacts that engage in illegal, unethical, unsolicited, and suspicious activity in the app. And while there are many ways to hack a WhatsApp account, most of them can be prevented if you are well informed and take the necessary precautions.

FAQ about WhatsApp security

Can someone hack your phone by texting you on WhatsApp?

It is highly unlikely that your phone or WhatsApp account will be hacked just from receiving a text message. Malware usually requires that users interact with the attacker, meaning you have to click on a link, download a file, or respond to a message. If you receive a suspicious message, the best thing to do is to report it, delete it, and forget about it. Unless you interact with the attacker, chances are you won’t be hacked.

That being said, a new trend of sophisticated attacks is becoming more common. In this case, a user can hack your phone just by sending an image, a GIF, a text, or a file. These types of attacks are known as zero-click attacks because the victim does not need to interact with the message to risk being hacked. A famous example of malware capable of breaching a phone just by sending a text message is Pegasus.

Can you get hacked by replying to a text on WhatsApp?

Anytime you take action on an attack, you risk being hacked by setting in motion a series of events that the attacker put in place. Experts recommend never interacting with unknown senders, clicking links, opening attachments, or giving away information. Even if the message wasn’t sent by hackers, it might be a WhatsApp scam.

Can someone hack your WhatsApp without your phone?

Yes. There are ways to hack a WhatsApp account even if the attacker doesn’t have your phone. While WhatsApp only allows one active phone line per account, attackers may use malware that redirects or forwards all your text messages and phone calls to a phone number they own. Then they log in to your WhatsApp with your phone number and ask for a verification code, which is automatically forwarded to their phone.

Another way of hacking an account without a phone is to hack the online service WhatsApp Web. This can be done by tricking an unsuspecting user into scanning a QR code which will give the hacker access.

Can WhatsApp calls be tapped?

WhatsApp calls can theoretically be tapped. However, in practice, end-to-end encryption makes tapping extremely difficult. The only time it could theoretically happen is if there is an unpatched and undiscovered vulnerability in the encryption. If a hacker found it first, they could quickly exploit it before WhatsApp can patch it. Governments also have the hardware and the budget to continually scan for weaknesses. But in general, tapping WhatsApp calls is extremely difficult.

Is it safe to give a WhatsApp number to strangers?

Revealing your WhatsApp phone number to a stranger is not recommended, because your WhatsApp phone number is your actual phone number! Once they have the number, they can harass you outside WhatsApp, use it to steal your identity, take over your WhatsApp account, or leave you exposed to an avalanche of spam. If you absolutely need to give a WhatsApp number (for example, for business), then get a separate number and register it under your business name.

How to identify who hacked your WhatsApp account

It is impossible to find out the actual identity of someone who has hacked your WhatsApp account. This is because end-to-end encryption is specifically set up to protect user privacy, including, ironically, that of anyone using your account without permission!

Can hackers see my deleted text messages on WhatsApp?

There is a very slim chance that hackers can see your deleted messages on WhatsApp. But with great emphasis on “very slim.” Thanks to end-to-end encryption, a hacker cannot remotely break into your phone to view messages.

There are, however, weak points in the chain. Someone can gain access to your account via WhatsApp Web or by gaining physical access to your phone. If they have access to iCloud or Google Drive, they can download your message backup and get deleted messages that way.

How do I log out from a hacked WhatsApp account?

There is no password on a WhatsApp account so “logging out” is not possible. If you feel that someone has access to your account, the equivalent to logging out would be to uninstall WhatsApp on your phone, reinstall it, and re-register your number. This will automatically log out any other connections to your account.

Conclusion

You can be the most careful WhatsApp user in the world, but it only takes one moment, when you are stressed, distracted, or busy, for your vigilance and judgement to slip. By implementing the security advice listed here, you can mitigate any potential damage and keep control of your WhatsApp account.

Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.