Jeff Bezos is in the news. Saudi Crown Prince Mohammed Bin Salman is in the news. Why? Because, WhatsApp. Now, whether the Saudi Crown Prince had anything to do with the alleged hacking of Bezos’ WhatsApp or not, there remains no doubt that the Facebook-owned WhatsApp has some serious privacy and security issues. This isn’t the first time it has happened either, as the past 12 months or so would testify. That puts its more than 1.6 billion users at risk. Including you. And here is what you should do with WhatsApp on your phone. Believe me, you have not done this already. Just do it!
Open WhatsApp on your phone and go to Settings -> Account -> Two-Step Verification and tap on Enable. This will allow you to create a six-digit PIN which you will have to punch in any time you want to set up WhatsApp on any phone. This is separate from the verification code that you may get via SMS at the time of logging into WhatsApp for the first time on a phone. After setting up this PIN, you can also optionally enter an email address which will allow WhatsApp to send you a link to reset the two-step verification in case you forget the six-digit PIN.
But why do you need this? All it takes is for a hacker to get control of one WhatsApp account to be able to replicate the same hacking technique on pretty much everyone else in your WhatsApp contacts list and groups. The way this works is that a hacker tries to authenticate the WhatsApp accounts of other users on a device that he or she has. For that, the first-time verification code is sent by SMS to the account owner's phone, and the hacker, messaging from the account that has already been hacked, asks everyone in the groups to forward the message they receive. It looks harmless, and you may well forward it, believing it is your friend who is messaging (it isn’t; the friend doesn’t even know this is happening). Armed with this first-layer authentication code, a hacker is then able to take charge of other WhatsApp accounts.
Now, at this stage, if you have two-step verification enabled, a hacker will be unable to actually set up your WhatsApp account, because they will not have the six-digit PIN which you created as a second line of defense.
A user whose account has been hacked will only know when they actually open WhatsApp and they receive a pop-up saying that their WhatsApp account has shifted to another device and they need to re-verify here to continue. And that can get messy.