A coalition of civil society organizations in Gabon has issued a formal public alert regarding a surge in the hijacking of WhatsApp accounts, targeting high-profile individuals, public officials, and private citizens. This wave of digital identity theft, which involves the unauthorized takeover of accounts to solicit funds or sensitive information, has prompted urgent calls for improved cybersecurity awareness across the country.
The issue gained significant public attention following reports involving various public figures, including associates of high-ranking officials, who have found their personal messaging accounts compromised by malicious actors. According to reports from regional observers and digital rights advocates, these attacks often utilize sophisticated social engineering tactics to bypass standard security protocols, leaving victims unable to access their own communications.
As a technology editor, I have monitored the evolution of these threats across the African continent. The pattern observed in Gabon mirrors trends seen in other jurisdictions where threat actors leverage the ubiquity of WhatsApp to conduct “man-in-the-middle” attacks or SIM-swapping operations, often with the goal of defrauding the victim’s contacts or harvesting private data for future exploitation.
The Mechanics of WhatsApp Account Hijacking
Security experts note that most unauthorized account takeovers on WhatsApp are not the result of a platform-wide vulnerability, but rather the exploitation of user-end security gaps. The most common vector is the manipulation of the six-digit registration code sent via SMS. In these scenarios, an attacker attempts to log into the target’s account from a new device, triggering a verification request. If the attacker tricks the original owner into sharing this code—often by posing as a technical support representative or a known contact—they gain full control of the account.

Once inside, the attacker can download the user’s message history and impersonate the individual to request financial assistance or sensitive documents from friends, family, and professional colleagues. This creates a significant trust deficit, as contacts are often conditioned to believe that the messages they receive are genuine, according to cybersecurity advisories from the Cybersecurity and Infrastructure Security Agency (CISA), which provides guidance on mitigating such risks.
Recommendations for Enhanced Digital Security
To combat this rising trend, digital security advocates in Gabon are urging users to implement immediate protective measures. The most effective defense is the activation of Two-Step Verification (2SV). By setting a unique six-digit PIN within the WhatsApp settings, users add a secondary layer of security that prevents an attacker from registering the account on a different device, even if they obtain the SMS verification code.

Furthermore, users are advised to be skeptical of any unsolicited messages, even those appearing to come from trusted sources, that request verification codes or financial transfers. If a contact suddenly asks for money or sends a suspicious link, it is recommended to verify the request through an alternative communication channel, such as a direct phone call. Official security guidelines from WhatsApp’s own support documentation emphasize that the company will never ask for a user’s verification code or PIN.
Broader Implications for Digital Infrastructure
The mobilization of civil society organizations to address this issue reflects a growing recognition of the role digital platforms play in the national socio-economic landscape. As Gabon continues to digitize its administrative and commercial processes, the security of messaging services has become a matter of public concern rather than just a personal inconvenience. The potential for these breaches to disrupt government operations or jeopardize the privacy of public officials has made cybersecurity a key priority for local advocacy groups.
While investigations into specific incidents remain ongoing, the collective action taken by these associations serves as a reminder of the need for robust institutional frameworks to handle cybercrime. Current efforts are focused on educating the public on how to report compromised accounts to both the platform providers and local law enforcement agencies, ensuring that incidents are tracked and analyzed to prevent further spread.
Moving forward, the effectiveness of these efforts will depend on the continued collaboration between technology stakeholders, local authorities, and the user base. As the situation develops, users are encouraged to monitor updates from local digital rights organizations and to remain vigilant regarding their account settings. For those who believe their account has already been compromised, the official WhatsApp help center remains the primary resource for recovering access and securing the account against future unauthorized logins.
Worth a look