WhatsApp hacking on the rise; Santosh Sivan and ‘Baahubali’ producer fall victim

Chennai: Cybercriminals are increasingly taking control of WhatsApp accounts, targeting even prominent figures. Notable victims include acclaimed director and cinematographer Santosh Sivan, producer of the magnum opus ‘Baahubali’, Shobu Yarlagadda, and Santosh Sivan's assistant.

Complaints regarding these incidents have been filed with Tamil Nadu Police’s Cyber Crime Wing and the National Cyber Crime Reporting Portal. Investigations are underway.

The issue first came to light on Thursday night when Yarlagadda revealed the hacking incident through X. On Friday morning, Santosh Sivan announced on Instagram that he had lost control of his WhatsApp account. He cautioned people not to trust messages sent in his name, labeling them as fraudulent.

How do cybercriminals hack WhatsApp accounts?

The attackers log into WhatsApp using the victim’s phone number on another device, causing the account to be logged out of the victim’s phone. Even if the victim tries to log back in, it becomes impossible. The cybercriminals use social engineering to obtain the OTP sent by WhatsApp and gain access to the account.

Once an account is compromised, the hackers often target people in the victim’s contact list. For instance, after gaining control of Santosh Sivan’s account, the hackers sent a message to his assistant asking for a verification code. Upon receiving the code, the hackers seized control of the assistant’s WhatsApp account.

Reports suggest that the hackers, after taking control of Yarlagadda’s and Sivan’s accounts, have reached out to several others in the film industry using similar tactics. Generally, users can regain access to their accounts after 12 hours, but the process remains a concern.

Hackers often use hijacked accounts to execute scams, such as requesting money from the victim’s contacts. However, according to WhatsApp’s official website, hackers cannot access old chats even after taking control of an account. Despite this reassurance, users remain apprehensive about their privacy and security.

In a related incident, a relative of Santosh Sivan shared a post in a group about his account being hacked. However, the post was removed after hackers took control of an admin account in the same group. The group settings were subsequently changed to allow only admins to post, restricting others from sharing updates.