- Protecting your verification code and enabling two-step verification drastically reduces the risk of account theft on WhatsApp.
- In case of account hijacking, registering again with the number and closing linked sessions is key to expelling the intruder.
- If your mobile phone is stolen, blocking the SIM and requesting a duplicate allows you to regain access to WhatsApp and stop fraudulent use.
- Regularly reviewing linked devices and privacy settings helps detect unauthorized access and prevent scams.

Having your WhatsApp account stolen or hacked is one of those digital scares no one wants to experience: suddenly you see a notification that your number is active on another device, your contacts receive strange messages, or you simply can't access the app. Beyond the immediate anxiety, the real problem is that someone could be reading your conversations, impersonating you, or trying to scam money from your friends and family.
The good news is that you can almost always regain control of your account if you know what to do and act quickly. WhatsApp has several mechanisms to help you regain access, block the intruder, and strengthen your security. In this comprehensive guide, I explain, step by step and in detail, how to recover a stolen or hacked WhatsApp account, what to do if your phone has been stolen, how to terminate WhatsApp Web sessions, and what measures you should activate to prevent it from happening again.
How your WhatsApp account can be stolen
Although it is often referred to as “hacking”, in most cases what happens is that someone obtains the six-digit verification code that WhatsApp sends via SMS or call when you register your number on a new device. Without this code, the account cannot be activated, so it's the treasure cybercriminals seek through deception.
The most common method is social engineering. You receive a message or call that seems legitimate (supposed WhatsApp support, a package awaiting delivery, an acquaintance asking for help, etc.). While they're talking to you, they try to register your number on another phone, and you receive an SMS with a code. The trick is always the same: they ask you to forward those six digits “to verify” or “to fix a problem” (the well-known WhatsApp code scam). If you do this, your account has just been stolen.
The deception involving the supposed security problem is also common. They warn you that your WhatsApp account has been "hacked" or "cloned" and that, to protect yourself, you need to share the code they'll send you. In reality, they're the ones trying to log in with your number on another device. Once they enter the code on their phone, your session is automatically closed.
Another option is the famous SIM swapping or SIM duplication. The attacker convinces the mobile operator to issue a duplicate SIM card with your number. From then on, they receive all verification SMS messages, including those from WhatsApp, and can register your account on their phone without you ever seeing a code.
We must not forget access via WhatsApp Web or desktop applications. If someone has your phone unlocked for a few seconds, they can scan the WhatsApp Web QR code and link their computer to your account. From then on, they'll be able to see your chats and send messages as if they were you, without ever having to touch your phone again.
Finally, the theft or loss of the phone is a particularly risky scenario if the phone didn't have a PIN, fingerprint, or facial recognition. If the thief can unlock it, they are one tap away from both your WhatsApp and the SMS messages with verification codes, making it easy to take control of your account and other services linked to your number.
First steps if your account has been stolen or cloned
As soon as you suspect someone is using your WhatsApp (messages you didn't send, registration notifications on another device, your contacts alerting you to strange requests…), the most important thing is not to let time pass. Every minute the intruder maintains control is an opportunity to impersonate you, ask for money, or gather sensitive information.
First, notify your contacts through other channels (phone call, SMS, email, social media, or another messaging app). Explain to them that it's not you writing from your WhatsApp number and that they shouldn't respond to messages asking for money, codes, bank details, or personal information. This way, you nip many potential scams in your name in the bud.
Next, try recovering your account by registering again. Log in to WhatsApp with your number on your own phone or another trusted device. Download the app (if necessary), enter your phone number, and wait to receive the SMS or call with the six-digit code. Entering the code will automatically close the attacker's session, as WhatsApp can only be active on one phone at a time.
If the intruder has been making many verification attempts, WhatsApp may temporarily limit code sending, and you might have to wait a few minutes or hours to receive it. In that case, follow the app's instructions and try the automatic call option to hear the code if the SMS is delayed.
If, when trying to log in, it asks for a second six-digit code, different from the one you received via SMS, it means two-step verification is enabled, and it's very likely that the attacker set it up to lock you out. If you don't remember enabling it yourself (or you don't know the PIN), you'll have to wait up to seven days before you can use your account again without that second code.
Although the timeframe may seem long, it has a positive side. As soon as you enter the first verification code and your number is registered on your mobile, the thief's session is closed. During those seven days, they also won't be able to use your account, although you won't be able to chat until the security lock associated with two-step verification is lifted.
How to recover your account if it has been stolen using the verification code
This is the most common scenario. Someone tricks you into sharing a code you received via SMS, and when they enter it on their device, you are logged out of your WhatsApp account. If this has already happened, follow these steps to regain control as soon as possible.
1. Reinstall WhatsApp and register your number again
Open WhatsApp on your phone (or reinstall it from the app store if you deleted it) and enter your phone number with the correct country code. Wait to receive the SMS or call with the six-digit code and enter it into the app when prompted. This will instantly close the session that was started on the other device.
2. If you don't receive the code, be patient and use the call option.
When too many verification attempts have failed, WhatsApp delays sending new codes to prevent automated attacks. In that case, you'll see a timeout on the screen. Wait for it, and if you don't receive the SMS when it's finished, select the option to receive an automated call where a recorded message will read you the code.
3. In case of two-step verification activated without your consent
If, after entering the SMS code, the app asks for another six-digit PIN that you don't know, it means the attacker activated two-step verification while they had access to the account. WhatsApp, by design, doesn't allow you to bypass this verification immediately, so you'll have to wait up to seven days to access your account without the PIN. In the meantime, however, the intruder will no longer be able to use your WhatsApp account.
4. Inform WhatsApp if you are unable to regain access
If, for whatever reason, you cannot complete the standard registration process, you can write to support by sending an email to [email protected]. In the subject line, put something like “Cloned/stolen account” or “Stolen/lost phone: please deactivate my account”, and in the body of the message include your phone number with the international prefix (for example, +34 for Spain or +52 for Mexico), explaining what happened.
5. Keep your contacts informed until everything is under control
Even if you've managed to log back in, it's a good idea to keep your contacts informed for a few hours or days, in case the attacker took screenshots of chats, photos, or other data they could try to use later. The more people who know your account was hacked, the less likely they are to scam someone else in your name.
What to do if you suspect you are being spied on via WhatsApp Web or from a computer
When the problem isn't that you've been locked out of the account completely, but that you think someone might be reading your messages from a computer or other linked device, the focus is on reviewing and closing active sessions on WhatsApp Web or the desktop application.
In recent versions, WhatsApp displays linked sessions in the “Linked Devices” section of the app menu. From there you can clearly see which browsers, computers or mobile devices your account is logged into, with details such as the type of device and the last connection date.
To check and expel possible intruders, open WhatsApp on your phone, tap the menu in the top right corner (on Android) or go to Settings (on iPhone) and tap "Linked Devices." There you'll see a list of active sessions. If you see any computer, browser, or location you don't recognize, tap on it and then tap "Log Out." That person will lose access immediately.
This type of espionage is especially likely when someone in your circle (partner, family member, coworker) has had physical access to your unlocked phone. It only takes a few seconds for them to scan the WhatsApp Web QR code from their computer and continue reading your chats without you noticing if you never check the linked devices.
To minimize this risk in the future, get into the habit of regularly checking the "Linked Devices" section and closing any sessions you don't need. Also, activate WhatsApp's fingerprint or facial recognition lock (available in Settings > Privacy > Fingerprint or Face ID lock), so that even if someone picks up your unlocked phone, they won't be able to access the app without your biometric authentication.
What to do if your mobile phone has been stolen with your WhatsApp on it
When the problem is the theft or loss of the phone, we're no longer just dealing with potential access to WhatsApp, but with a much greater risk to all your accounts. That's why you need to react quickly and systematically to prevent the thief from controlling your number and the app.
1. Call your operator and block the SIM card
This is the most urgent step. By blocking the SIM card, you prevent the thief from receiving verification codes via SMS or call, whether from WhatsApp or other services (banks, email, social media). Explain that your phone has been stolen or lost and request that the line and SIM card be blocked immediately.
2. Request a duplicate SIM card with the same number
Once your old SIM card is blocked, request a new SIM with your usual number. You'll be asked to verify your identity, either in-store or by phone. Once you have the new SIM, you can use it in another device to reinstall WhatsApp and other apps associated with your number.
3. Deactivate your WhatsApp account via email if you don't yet have a SIM card
If you can't get the duplicate right away, or if you suspect that someone is already using your WhatsApp on the stolen phone, write to [email protected] with the subject “Stolen/lost phone: please deactivate my account” and include your number with the international prefix. This will deactivate the account: your contacts will still be able to see your name and photo, but no one will be able to send or receive messages from that number.
4. Recover your account on your new device
Once you have the new SIM card, insert it into your replacement phone, install WhatsApp, enter your number, and complete the verification process with the six-digit code. This will activate your WhatsApp account on the new phone, and the session on the stolen phone will be permanently closed. If you had backups on Google Drive or iCloud, you can restore your chats during the initial setup.
5. Keep in mind the account deletion timeframes.
If you requested account deactivation via email and 30 days pass without you registering again with your number, WhatsApp may permanently delete your account. If you don't want to lose it, try reactivating your WhatsApp on a new device before that time is up.
6. Consider reporting the theft to the police
If, in addition to your WhatsApp account, other sensitive data is stored on your device (personal photos, online banking logins, etc.), it's advisable to file a report with the police or relevant authority in your region. In some cases, this report is necessary for your mobile carrier or bank to investigate suspicious activity.
How to strengthen the security of your WhatsApp account
Once you have regained control of your account, the next logical step is to secure it so that a similar theft is much less likely. WhatsApp incorporates several security features that many users don't even activate, and these make a big difference against the most common attacks.
Activate two-step verification
This feature adds a six-digit PIN that you'll be asked for periodically, and especially every time you register your number on a new device. To activate it, go to Settings > Account > Two-step verification and follow the prompts. It's very important that you memorize this PIN and don't share it with anyone.
Two-step verification prevents someone from logging into your account with just your SMS code. Even if the attacker manages to trick you into giving them your WhatsApp verification code, without that second PIN they won't be able to register your number on their phone. The app also lets you add a recovery email address in case you forget your PIN, which is highly recommended to avoid being locked out for seven days if you forget.
Block access to your mobile and the app
It seems obvious, but many phones still lack PINs, patterns, fingerprints, or facial recognition. Set up a robust unlocking system and avoid sharing it with others. Within the WhatsApp app itself, you can activate fingerprint or Face ID lock, so even if someone has your phone unlocked, they won't be able to open the app without your biometric authentication.
Check your profile privacy
From Settings > Privacy, you can choose who sees your profile picture, your information, your last seen time, or your status updates. Limiting this information to "only my contacts" or even to specific lists reduces the amount of data a stranger can collect about you and makes some impersonation attempts more difficult.
Never share codes or passwords
This is the golden rule: neither banks, nor companies, nor WhatsApp itself will ever ask you to send them verification codes via chat. If you receive a text message with a code you didn't request, ignore it. And if someone asks you to send it to them "to help you" or "to prevent you from losing your account," hang up or stop replying: it's a scam.
Protect your email and other linked accounts as well.
Although WhatsApp is primarily accessed via phone number, many security features (such as cloud backups and restores) rely on your Google or Apple account. Enable two-step verification on those services as well, check for suspicious logins, and change weak or reused passwords.
When is it appropriate to contact support and report?
Sometimes, despite following all the steps, the situation becomes complicated. If you're not receiving codes, your line has been compromised by SIM swapping, or an intruder has tried to scam several people in your name, in addition to following the technical procedure, you may need to take further steps and contact support or the authorities.
You should write to WhatsApp support if you believe your account has been cloned, if you can't verify your number despite having control of the SIM, or if you need to deactivate your account because you don't have access to your line (for example, during a long trip after your phone was stolen). The email, as we mentioned, is [email protected], and in the message it is key to include your number with the international prefix and a clear explanation of the problem.
It is also advisable to report the incident to the police when the theft of an account or mobile phone has been used to commit crimes such as extortion, threats, demands for money from third parties, blackmail with photos or personal information, etc. Saving screenshots of fraudulent messages, numbers involved, and exchanged emails can be useful as evidence.
Finally, don't forget to notify your bank or other entities if you suspect that an intruder may have accessed codes or links related to your finances. Many WhatsApp scams end in attempted money theft, so it's a good idea to review recent activity and activate additional security alerts.
Taking care of your WhatsApp account has become almost as important as protecting your email or online banking: we store private conversations, photos, documents, and data that can be used to spy on, impersonate, or defraud. Knowing how your account can be stolen, what to do minute by minute when something goes wrong, and how to configure options like two-step verification, app blocking, or monitoring of linked devices makes the difference between a simple, controlled scare and a serious problem for you and your contacts.


