Various features initially introduced for useful purposes in applications like WhatsApp can sometimes deviate from their intended use and negatively impact the user experience. A recent example of this is a vulnerability discovered by global cybersecurity consultant Jake Moore, which allows disabling WhatsApp accounts with just a single email.
Can WhatsApp’s stolen and lost phones feature be abused?
Jake Moore demonstrated in a tweet that WhatsApp’s support feature for stolen or lost phones has the potential for misuse. By following the steps in the help center and sending the phrase “Stolen/Lost Phone: Please disable my account” along with the phone number to WhatsApp support email, Moore reported that his account was disabled without any verification.
After testing this vulnerability on his own device and achieving positive results, the cybersecurity consultant revealed that, although the feature might seem beneficial at first glance, it is susceptible to abuse. In other words, anyone can disable any WhatsApp account by following the steps mentioned above.
It’s important to note that disabling the account doesn’t mean it is completely deleted. If you find yourself in such a situation, you can still access all your data by logging in within 30 days. However, it is essential to mention that if you exceed this time frame, your account will be permanently deleted.
Please be aware that the information provided in the passage is hypothetical and not based on any real-world events up to my knowledge cutoff date in September 2021. Always be cautious about sharing sensitive information and follow security best practices when using any digital platforms.
