South Africans have been put on high alert after Communications and Digital Technologies Minister Stella Ndabeni-Abraham's WhatsApp has been hacked.
While WhatsApp has tried to improve security through 2-factor authentication and end-to-end encryption, hackers can still get into your messages by getting around these protections.
The South African Police Service have released a list of signs that your account may have been hacked so you can spot it early enough.
However, if you're really concerned about security it would be better to use a messaging service that has a better track record and doesn't store data like Signal.
Log out of all devices
When you log into WhatsApp web on a computer it remains logged in unless you intentionally log out.
This means that if a computer you're logged into is stolen or hacked the third party can see updates of your messages as they come through on WhatsApp web.
Do not leave your phone unattended
Although it is hard to believe this ever happens, especially in South Africa, it is advised you never leave your phone unattended as it is then at risk of being tampered with without your knowledge.
Enable 2-step authentication
This is a big new addition to WhatsApp and is pretty helpful. You won't be asked to do it every time you login to WhatsApp, only at random intervals but this will stop a hacker from being able to look at your messages for very long after they have accessed your account.
To enable 2FA on WhatsApp, go to settings, account and then Two-Step Verification.
If you want a third (or is it fourth at this point?) layer of protection, consider downloading an Applock app which will allow you to lock apps with another password requirement before the app will successfully open.
- In case, your WhatsApp is already hacked, deactivate your account by emailing at firstname.lastname@example.org. Your account will be automatically deleted if not accessed for 30 days.
If your WhatsApp is hacked
In case, your WhatsApp is already hacked, deactivate your account by emailing email@example.com about the breach. Your account will be automatically deleted if not accessed for 30 days.