Quick Answer

If your WhatsApp account has been hijacked, follow this order without panicking: open WhatsApp and re-register with your phone number, then enter the 6-digit code that arrives by SMS or call. This action automatically logs the attacker out and returns the account to you. Next, enable the 6-digit PIN under Settings > Account > Two-Step Verification, and end every unknown WhatsApp Web session under Linked Devices. Finally, warn your contacts: "my account was hijacked, do not believe any money requests from me." If you were a victim of fraud or harassment, do not delete the chat and media records; keep them as evidence. A digital forensics report is decisive in the complaint you file with the prosecutor's office.

The first assessment is free. No fee if no data or evidence is recovered: +90 536 662 38 09.

How Is a WhatsApp Account Hijacked?

WhatsApp is a well-secured app, but almost all takeover cases stem not from a flaw in the app but from deceiving the user. The attacker has a single goal: to capture the 6-digit verification code sent to your phone while logging into your account on a new device.

1. The "a code came to you by mistake, can you send it back?" trap

This is the most common method. The scammer writes from a compromised contact's account or an unknown number: "Sorry, I typed your number by mistake, a code came to you, can you forward it?" At that moment the attacker is trying to log into WhatsApp with your number, and the code is your account's verification code. The instant you share it, the attacker gets in and you are locked out.

2. SIM swap attack

This is a more targeted method. Using a fake ID or by deceiving an operator employee, the attacker ports your number to their own SIM card. The number is now on their phone, so the verification SMS reaches them. Your phone suddenly losing signal is the clearest sign of this attack.

3. Fake links and phishing

Links in messages such as "your WhatsApp account will be suspended", "WhatsApp Gold edition" or "you won a prize" redirect you to fake login pages. This method works on classic phishing logic; our guide on how to spot a phishing email will help you recognize similar traps.

4. Unauthorized WhatsApp Web sessions

Someone with a few seconds of physical access to your phone (a jealous partner, a coworker) can scan the WhatsApp Web QR code into their own browser and silently monitor all your conversations. In this case you are not kicked out of your account, which makes it the hardest method to notice.

How Do I Know My Account Was Hijacked?

If one or more of the signs below appear, your account may be at risk:

  • WhatsApp showed "your number is registered on another device" and logged you out.
  • You see messages you did not send, or joins and leaves in groups.
  • Your contacts ask you "did you really ask me for money?"
  • Your phone suddenly lost signal (a SIM swap sign).
  • There is an unknown session in your Linked Devices list.

If you suspect that your phone as a whole, not just WhatsApp, has been compromised, review the symptom list in our guide on how to tell if my phone has been hacked.

URGENT: Steps to Recover the Account

Recovering your account takes only a few minutes in most cases. What matters is following the correct order.

Step 1: Re-register with your number

Open WhatsApp and start re-registration by entering your phone number. WhatsApp will send a 6-digit code by SMS or phone call. Never share this code with anyone; enter it only on the WhatsApp screen. The moment you enter it correctly, the account returns to your device and the attacker's session ends automatically.

Step 2: If a two-step verification PIN is requested

To keep you locked out permanently, the attacker may have enabled two-step verification and set a PIN. If you do not know this PIN, WhatsApp may start a 7-day waiting period. During this time you can reset the PIN with your registered email address. If you never added an email, you can log in without the PIN at the end of the 7 days. This is why the email step described in the next section is critical.

Step 3: End all WhatsApp Web sessions

After recovering the account, go to Settings > Linked Devices. Tap each unknown session and select Log Out. If you are unsure, use "Log out of all devices" to close them all at once.

Step 4: Warn your contacts

As soon as attackers take over an account, they message people on your contact list saying "I urgently need money, can you send it to this account?" to commit fraud. The moment you recover your account, post this to your status and send it to your closest circle: "my account was hijacked, do not believe any money requests from me." This significantly reduces the number of victims.

Permanent Protection: Two-Step Verification

After recovering your account, the most important step is to enable two-step verification yourself. Even if someone captures the 6-digit SMS code, this feature blocks login without the 6-digit personal PIN you set.

Follow Settings > Account > Two-Step Verification > Turn On. It will ask for a 6-digit PIN and a recovery email address. Be sure to enter the email; it is the only way to recover the account if you forget your PIN or the attacker changes it.

| Protection Measure | What It Does | Importance |
|---|---|---|
| Never sharing the 6-digit SMS code | Directly prevents account takeover | Very high |
| Two-step verification PIN | Stops login even if the SMS code is stolen | Very high |
| Adding a recovery email | Enables recovery when the PIN is forgotten | High |
| Regularly checking Linked Devices | Catches hidden monitoring sessions | Medium |
| Not clicking suspicious links | Blocks phishing at the source | High |

The Legal Side: Fraud, Harassment and Evidence Collection

A hijacked WhatsApp account is not just a security issue; under Turkish Criminal Law it may constitute unauthorized access to an IT system, fraud, and, depending on the case, violation of privacy. If the attacker defrauded your circle from your account, or used your conversations to threaten or harass you, you have the right to start legal proceedings.

Keep evidence without deleting it

The most common mistake is to panic and delete the scammer's messages or threatening conversations. Do not delete anything. Follow these steps:

  • Take screenshots of the scammer's messages, shared IBANs, and any threatening content.
  • If possible, back up the chats using WhatsApp's Export Chat feature.
  • Note the time of the incident, the relevant phone numbers, and receipts if you made a money transfer.

However, screenshots alone are weak evidence in court because it can be claimed they were altered. This is where digital forensics comes in. We covered the conditions under which WhatsApp conversations are legally valid in our guide on whether WhatsApp messages are valid as evidence.

Why is a digital forensics report needed?

A digital forensics expert records the data obtained from your phone or backups with hash values (integrity stamps), mathematically proving that the evidence was not altered afterward. This process is called the chain of custody and is critical for the court to accept the evidence. You can find the technical details in our guide on the digital forensics process and chain of custody.
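
The hash-based integrity check described above, as an added example (not DSET's tooling and not part of the original page): it builds a SHA-256 manifest over a folder of saved evidence and later reports any file that was modified, removed or added. The function names, the manifest layout and the sample files are assumptions constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large media files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def seal(files):
    """Digest over the whole file table: the one value to record off the device."""
    return hashlib.sha256(json.dumps(files, sort_keys=True).encode()).hexdigest()

def build_manifest(evidence_dir):
    """Hash every file under evidence_dir (store the manifest itself elsewhere)."""
    base = Path(evidence_dir)
    files = {p.relative_to(base).as_posix(): {"sha256": sha256_file(p), "size": p.stat().st_size}
             for p in base.rglob("*") if p.is_file()}
    return {"files": files, "seal": seal(files)}

def verify_manifest(evidence_dir, manifest):
    """Return sorted (status, path) findings; an empty list means nothing changed."""
    findings = []
    if seal(manifest["files"]) != manifest["seal"]:
        findings.append(("manifest-altered", "*"))
    current = build_manifest(evidence_dir)["files"]
    for rel, meta in manifest["files"].items():
        if rel not in current:
            findings.append(("missing", rel))
        elif current[rel]["sha256"] != meta["sha256"]:
            findings.append(("modified", rel))
    findings += [("added", rel) for rel in current if rel not in manifest["files"]]
    return sorted(findings)

def demo():
    """Seal constructed sample evidence, then tamper with it and verify again."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("chat_export.txt", b"constructed sample chat\n"),
                           ("receipt.pdf", b"%PDF constructed sample")]:
            Path(d, name).write_bytes(data)
        manifest = build_manifest(d)
        clean = verify_manifest(d, manifest)
        Path(d, "chat_export.txt").write_bytes(b"edited after sealing\n")
        Path(d, "receipt.pdf").unlink()
        return clean, verify_manifest(d, manifest)
```

A manifest shows only that the files are unchanged since it was built, so build it as early as possible and record the seal value somewhere the evidence holder cannot edit.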

At DSET we work on recovering deleted WhatsApp messages, analyzing session logs, and preparing court-admissible expert reports. Reporting the incident to the national CERT and the Chief Public Prosecutor's Office, while professionally collecting the technical evidence in parallel, is the most solid path.

About DSET

DSET has been serving in digital forensics and cybersecurity since 2003, based at Hacettepe Technopark Beytepe (Cankaya), Ankara. We have a 99.4% success rate in data recovery and evidence extraction projects. The first assessment is free; if no data or evidence is recovered, you are not charged.

For technical or legal support regarding your hijacked WhatsApp account, reach us at: +90 536 662 38 09.

Frequently Asked Questions (FAQ)

I accidentally shared the 6-digit code, will I lose my account immediately?
Usually yes, the attacker uses that code to log in. But do not panic: when you immediately re-register with your number and enter the new code, the account returns to you and the attacker's session ends. The faster you do this, the less damage occurs.

If the attacker set a two-step verification PIN, can I still recover my account?
Yes. If you are asked for a PIN you do not know during registration, you can reset it with your registered recovery email. If there is no email, WhatsApp lets you log in without the PIN after a 7-day waiting period.

I recovered my account but my messages were deleted, can they be restored?
Possibly. If your phone has a local or cloud backup, it can be restored. Even without a backup, partial recovery can be done on the device using forensic techniques. Using the device as little as possible and consulting an expert increases the chance of recovery.

Is a screenshot enough as evidence in court?
On its own it is weak, because the other side may claim it was altered. For strong evidence you need a digital forensics report stamped with hash values and a preserved chain of custody. This report technically proves the authenticity of the images.

How can I be sure my WhatsApp account is secure?
Enable two-step verification together with a PIN and recovery email, never share 6-digit codes, check the Linked Devices list periodically, and do not click suspicious links. These four habits eliminate most of the takeover risk.
