Shockingly enough, this can be exploited even if you have enabled two-factor authentication (2FA) for your WhatsApp account.
First reported by Forbes, a hacker can use their own device to attempt to log in to the your WhatsApp account. If the two-factor authentication (2FA) for your account, WhatsApp would send you a six-digit code via call/SMS. The hacker will the purposefully will guess the code and after failed attempts WhatsApp will ask to try after 12 hours. In the meanwhile, the cyber criminal can send an email WhatsApp support saying something like the phone was stolen and request and ask to suspend the account for which WhatsApp will request for your mobile phone which the hacker can give.
WhatsApp doesn’t verify the email, from which the request is sent and doesn’t follow up with questions to confirm your ownership of the phone number.
As of now, there is no way for a person to keep themselves from falling prey to cybercriminals.
According to Gadgets360, a WhatsApp spokesperson said, “Providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem. The circumstances identified by this researcher would violate our terms of service and we encourage anyone who needs help to email our support team so we can investigate.”
Even if the victim successfully re-registers and recovers their WhatsApp account, just one email from the cybercriminal could get them back to square one and the countdown will show count down “-1 seconds” instead of 12 hours.