A serious vulnerability has been detected in the popular WhatsApp Messenger, which enables to deactivate an account simply by writing an email to the company. Using this method, people can deactivate not only their accounts, but also those of others. This vulnerability was discovered by cybersecurity specialist Jake Moore.
According to him, if you write a letter to the WhatsApp support service with a request to disable the given user account, the company's employees do not check whether the writer of the letter is the owner of the given user account, and will simply disable the profile from the device. In this case, the user will not receive messages until launches the app and signs in to the account again. This procedure is used in case of losing the smartphone on which the WhatsApp app is installed.
Deactivating an account, however, does not mean that it is permanently deleted. Profile and correspondence are stored on WhatsApp servers for 30 days, during which time the user can restore them. To regain access to the account, the user must launch the app and enter his phone number. The user will be sent a verification code, which will then need to be entered into the app. After that, the account and correspondence will be available again.
But if the user does not log into his account within 30 days, it will be permanently deleted.
According to experts, such vulnerability can be used by hackers to carry out "denial of service attacks." That way, they can deny the user access to his account and email.
WhatsApp has not yet commented on this vulnerability and has not announced possible measures to eliminate it.