I've been using WhatsApp as well as my current phone number for at least eight years now. Until now, everything went pretty smoothly. That's why the message four days ago, 13th of August 2021, struck me: "You've been banned from using WhatsApp". I researched the problem and contacted the WhatsApp support explaining that there shouldn't be any wrongdoing from my end. As a coincidence, I got a six-digit verification (?) code via SMS about an hour later (though I received a popup of someone else logging into my account beforehand).

Anyhow, two days pass and WhatsApp unbans me without stating a reason as to why this happened. I moved on. Had to sign up on WhatsApp again (getting the "normal" verification message, i.e. a code including the normal message and not just a six-digit message). On top of my normal WhatsApp code, I now included my mail as a back-up 2FA mail.

... So comes yesterday evening. I get a pop-up stating someone tried logging into my account (+ an SMS message with only six digits). Went ahead with my day as there is nothing I could do except not sharing the code. Today, 17th of August, I logged into my WhatsApp account and once again someone else "logged into my account". Upon trying to verify my number, I get a "You've been banned from WhatsApp" message. Here we go again: Contacting the WhatsApp support explaining myself.

I did some research and it appears to be a known security issue (many published articles, e.g. in Forbes). Beautiful! WhatsApp doesn't intend to fix this mess. That's on their part. Now one question arises: How can I protect myself? I don't know a possible attacker - and WhatsApp for sure doesn't know either (or if they do, they won't tell me). In the above-mentioned article, a Facebook spokesperson is quoted to have said:

providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem. The circumstances identified by this researcher would violate our terms of service and we encourage anyone who needs help to email our support team so we can investigate.

I did in fact connect my mail with WhatsApp and guess what? They apparently accepted someone else's report, thus banning me from my own WhatsApp account. How is this supposed to continue? Some revenge-hungry ex-business partner, girlfriend, whatever will do that every few days - consequently disabling my WhatsApp every day or so? This app is being used by two billion people and they don't account for such a simple exploit?

Additional information:

  • Not using the app is in my situation not a possibility as my whole social environment uses WhatsApp regularly.
  • I'm based in Germany (+49). The first "weird" six-digit WhatsApp code was sent by a +49, the legitimate WhatsApp message (to unlock myself after the ban from a +44) and the third "fishy" seeming number from a +1. I did some basic research on those numbers and didn't get any known hits for them.
  • After my unban, I asked the support if there are any problems with my account - to which an employee responded my logs seem to be clear (thus validating the theory that my account is being "hijacked" / exploited by someone else).
J. M. Arnold

0 Answers