My friend's WhatsApp was stolen and recovered

My friend's WhatsApp was stolen and recovered
WhatsApp account stolen and recovered

Sometime ago, a friend's WhatsApp account was stolen by a hacker. We noticed it as the hacker starting spamming Anti-Christ and pornographic messages in the group chat. I blocked the account immediately. Several of us also warned others to be careful as the hacker may use contact details to hack others.

Fortunately, my friend managed to regain control of the WhatsApp account after a week or so. After confirming that my friend had recovered the account via out-of-band mechanism, I have removed the block.

This were the actions my friend took to recover the account:

Deactivate Voice Mail

In the even there are confidential voice messages in the voice mail inbox, this should help to prevent loss of information.

Submit a Police Report

One of the first thing to do is to submit a police report. While the police may not be able to help in the recovery of the account, it serves to protect us incase hackers uses the compromised account to commit further crimes.

Inform the Telco Service Provider

To deter further loss of information and other accounts associated with the phone number, inform the telco service provider to deactivate the phone number. This should also terminate other services associated with the account such as voice mail (above).

Contact WhatsApp about the hack

Obviously, we have to inform WhatsApp about the hack and attempt to regain control of the account. The support email account is and their contact website is

For normal users, click on the WhatsApp Messenger Support.

This will lead us to their form where we can provide our contact details and inform about the hack.

Protect yourself

Protection is always better than cure. This applies to all online accounts.

Deter hackers with Two-Factor Authentication

Use Two-factor authentication to protect your accounts. Most banks already implemented this and it is used in many online site like Facebook, Google, Microsoft, Linked In etc. I used both Microsoft Authenticator and Google Authenticator. WhatsApp has a two-step verification mechanism too.

Never share One-Time Password

Regardless who the person maybe, one basic rule applies and that is Never share OTP. Official sources (such as banks) will never ask for the OTP.  My friend probably fell for this WhatsApp OTP scam.