WhatsApp Security Totally Fails! Here is Why

Recently, someone I am familiar with lost his WhatsApp account. In short, a verification code from WhatsApp arrived. A message from a number he is familiar with then arrived, asking for the verification code, and "he sent the code". After that, his WhatsApp account was lost. Here is why WhatsApp security fails.

WhatsApp 2-Step Verification Is a Boomerang

Right after the hijacker gets the WhatsApp account of his target, the hijacker sets up 2-step verification. This can be done by entering a PIN (personal identification number) and an email address. This is really a boomerang that prevents the owner from getting his WhatsApp account back, as the mobile number is now useless. Everything has to be done through the hijacker's email. The only possibility is that the victim of the hijacking accidentally enters the right PIN set by the hijacker.

What Do You Need to Do?

WhatsApp is not the only messaging app on iOS and Android. You can use other messaging apps which guarantee your privacy: apps that rely totally on your number rather than email. Once your WhatsApp account is hijacked, there is nothing you can do except borrow your family members' phones, call all the people in your phonebook, and tell them not to respond to any request made by you from your lost WhatsApp account. You know, this is almost impossible to do.

Some suggest that if your WhatsApp account is stolen, you should send a "deactivating account" request to WhatsApp. This is also useless. The reply will only be about how to secure your WhatsApp account by applying 2-step verification.

If you encounter a case similar to the one explained above, the only possible solution is to wait until the PIN set by the hijacker is no longer applicable. In this case, you need to wait 6 days. In other words, WhatsApp gives the hijacker a special opportunity to request anything the hijacker wants from your WhatsApp contacts within those days.