Report: WhatsApp accounts potentially at risk.

Security researchers Jake Moore tweeted that it appears to be possible to deactivate any WhatsApp account by simply emailing the company. If a user emails the phrase “Lost/Stolen:Please deactivate my account” along with the account’s phone number, the service will temporarily deactivate the account. Moore found that the request can be sent from any email address. The account can be reactivated if the user logs back in within thirty days, but Moore points out that someone could write a script that continually emails deactivation requests.

Forbes notes that WhatsApp appears to have suspended the automated deactivation of accounts, and is now requiring users to send a phone bill to verify their ownership of the account.

WhatsApp is increasingly important to business communications.

Steven Spadaccini, VP of Intelligence at SafeGuard Cyber, commented:

“The recent warning to all WhatsApp users that their accounts could be deactivated by anyone sending an email is concerning as the application is fast becoming central to successful business communication. From over 1.8 million users at the start of 2022, more than 2.24 million people now communicate and collaborate through WhatsApp. The application’s proximity to the rest of the device, and all the other apps on that device, make it a potential entry-point for serious trouble, and account compromise is a key security concern. 

 “At the moment, there’s no way to stop this potential attack from impacting your organization, but there are ways that businesses can help protect employees using the application for business communications. Securing users’ account settings is a good place to start, but organizations can go a step further by gaining full visibility into their WhatsApp communications to monitor for malicious activity and establishing WhatsApp security protocols with solutions that will allow them to customize their policies, and quickly apply those policies across the entire channel.”