Update: WhatsApp reached out to IndiaTV with a quote saying, “Providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem. The circumstances identified by this researcher would violate our terms of service and we encourage anyone who needs help to email our support team so we can investigate.”
WhatsApp is currently one of the most popular cross-platform messaging applications. Its huge user base also makes it a target for a lot of attacks. Security researchers Luis Márquez Carpintero and Ernesto Canales Pereña have discovered a flaw in the app that could let attackers remotely suspend your account.
The flaw did not arrive with a recent update; it has been in the app for quite some time. As a result, a large number of WhatsApp users are said to be at risk. Attackers can easily deactivate any WhatsApp account, and they can even prevent you from reactivating it. Even if you have enabled two-factor authentication (2FA), the attackers can still manage to disable your WhatsApp account.
The attack relies on two major weaknesses. The first weakness allows an attacker to enter your phone number on WhatsApp installed on their own phone. The attacker can then enter your phone number countless times without entering the OTP, which will lead to code entries being blocked on WhatsApp installed on the attacker's phone for 12 hours.
The attacker will not be able to deactivate your account just by entering the number many times. However, they can contact WhatsApp support and ask for your phone number to be deactivated from the app. They just need to write a simple email from a new email address saying that the phone has been stolen or lost.
Before deactivating your account, WhatsApp will ask for a confirmation, which the attacker will quickly provide from their end. This will deactivate your WhatsApp account, and you will no longer be able to access the app on your phone.