One Email Could Have Gotten Your Brand’s WhatsApp Account Shut Down

A security expert issued a warning to all WhatsApp users yesterday, revealing a vulnerability that lets anyone deactivate their accounts with a single email — and the worst part is: That email can come from anyone.

If a smartphone is lost or stolen, WhatsApp lets users deactivate their accounts to protect their data. But literally anyone with your phone number can request this and remotely deactivate your brand’s account.

📧 One Email Away

According to the WhatsApp support page, the process involves sending an email to a specified address with the phrase “Lost/Stolen: Please deactivate my account” and the associated phone number, resulting in the account being instantly deactivated.

When an account is deactivated, it isn’t immediately deleted, and your contacts can still view your profile and send you messages. The messages, however, remain pending for up to 30 days after deactivation, giving users time to reactivate their accounts before deletion.

Luckily, the fix is simple — your account gets reactivated when you log back in.