Without this, an attacker can’t hijack your account, even if they get hold of that SMS code. All you need to do is add a PIN number in your app. And if the attacker adds extra security to your account, security you should have added yourself, then you can be without WhatsApp for a week or longer. You will get your account back-but it will take time. As soon as you do, you lose your account. You then get a text with a six-digit code and they use the already hijacked account of one of your friends to message you and ask for the code, which they say was meant for them. They install WhatsApp and enter your phone number on their device. The hack works by tricking you into sharing the SMS message WhatsApp sends you when you activate your account on a new phone. And although an attacker taking over your account will not have access to your past message history, they will receive all messages sent to you while they control your account, and they will see your contacts in each of your groups and in any new messages received. Your biggest risk on WhatsApp is getting your account hijacked-this is an ongoing scourge that impacts a frightening number of people every week. Unlike the new terms of service change, these also put your actual message content at risk.
Much more importantly, there are two further settings that really do put your privacy at risk and which you should change. Do not autosave images to your phone WhatsApp/iOS
