HN2new | past | comments | ask | show | jobs | submitlogin

Several friends of mine had their WhatsApp completely hacked. Basically, hacker would spam recovery, which results in a phone call to the victim. If the victim doesn’t pick up the phone, the recovery code goes to voicemail. Hacker accesses voice mail (password protected yes, but for lots of people it’s a birth year, 1234, 0000, or last 4 digits of their phone), and voila they have access to your WhatsApp. They can’t see your messages but can see all the groups you’re in and message those.

Completely preventable by having WhatsApp 2FA enabled.



And some systems still don’t ask for pin if you are calling from your phone. So if you spoof their CID (very easy to do) you get in with no password


Wow that is terrible. Wouldn't that violate multiple data protection laws?


This was how most of those "royal family voicemail hacks" from a a decade ago were done...

https://www.nytimes.com/2010/09/05/magazine/05hacking-t.html


Ah maybe, maybe not … best effort blah blah cybercriminals something.

So you see, your honor, as a service provider, we did no wrong.


Had this done to me BUT luckily WhatsApp has a “pin” feature, which prevented hackers getting any further. Not as secure maybe as a 2factor but saved my day. Highly recommend.


Another unintentional benefit to clinging to Google Voice for dear life... Though I don't use WhatsApp.


I have Whatsapp 2FA enabled, but to be honest it’s a pain. It’s a PIN that the app asks you to confirm again and again forever, every few days.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: