Two girls, aged 10 and 11, lost access to their messenger accounts after falling victim to a targeted fraud scheme in Meiningen, Germany. Local authorities in Südthüringen report that unidentified perpetrators used deceptive tactics to seize control of the children’s digital identities, highlighting a growing trend of social engineering attacks targeting minors.
The incident occurred in the Meiningen district, where the attackers manipulated the young users into providing sensitive account information. According to reports from regional news outlets in Südthüringen, the perpetrators successfully locked the children out of their accounts, effectively hijacking their communications.
This type of account takeover typically involves “social engineering,” where attackers trick users into sharing verification codes or clicking malicious links. Because children often lack formal training in cybersecurity, they are primary targets for these “perfide” or insidious tactics designed to bypass security protocols.
How the Messenger Account Hijack Occurred
While specific technical details of the breach remain under investigation by local police, the pattern matches common account takeover (ATO) methods. Attackers often pose as friends, gaming companions, or official support staff to build trust before requesting a “security code” sent via SMS. Once the victim provides this code, the attacker can link the account to a new device and change the password, instantly barring the original owner from entry.
Law enforcement officials in Thuringia have warned that these schemes are rarely isolated. Once an account is compromised, attackers frequently use the hijacked profile to send similar deceptive messages to the victim’s contact list, leveraging existing trust to ensnare more children and adults in the same cycle.
According to the Federal Office for Information Security (BSI), the risk to minors is amplified by the high level of trust they place in digital interactions and a lack of awareness regarding two-factor authentication (2FA) vulnerabilities.
The Risks of Digital Identity Theft for Minors
The loss of a messenger account is more than a technical inconvenience for a 10- or 11-year-old. It represents a breach of privacy and a potential gateway to further exploitation. When an attacker controls a child’s account, they gain access to private photos, personal conversations, and the identities of the child’s real-world friends and family.
Cybersecurity experts note that hijacked accounts are often used for “impersonation scams.” The attacker may request money or personal information from the child’s parents, pretending to be the child in a crisis. In other cases, these accounts are sold on dark web marketplaces to be used in larger phishing campaigns.
The psychological impact on children is also significant. The sudden loss of their social circle and the realization that a stranger has accessed their private thoughts can lead to distress and anxiety, making the role of parental supervision critical in the aftermath of such attacks.
Preventing Social Engineering Attacks on Children
To prevent similar incidents in Meiningen and beyond, security professionals recommend several immediate technical and behavioral safeguards. The most effective defense is the implementation of robust Two-Step Verification (2SV), provided it is configured to use an authenticator app rather than just SMS, which can be intercepted or tricked.
Parents are urged to educate children on the following “red flags” of digital fraud:
- The “Code” Request: Never share a verification code sent via SMS or email with anyone, even if they claim to be a friend or a company representative.
- Urgency Tactics: Be wary of messages that create a sense of panic, such as “Your account will be deleted in one hour unless you click here.”
- Unknown Links: Avoid clicking links sent by strangers or even friends if the link seems out of character for that person.
The Klicksafe initiative, a German project focused on online safety for children, suggests that parents should maintain an open dialogue about internet usage rather than relying solely on restrictive software, as children often find ways around filters but may not know how to spot a scam.
Legal Recourse and Reporting in Thuringia
The victims in Meiningen and their families are encouraged to report these crimes to the local police. Reporting is essential not only for the attempt to recover the accounts but also to help law enforcement track the patterns of the attackers and identify the infrastructure being used to carry out these frauds.

Under German law, the unauthorized access of data and the manipulation of computer systems can be prosecuted as criminal offenses. However, recovering a hijacked account often depends on the cooperation of the service provider (such as Meta for WhatsApp or Telegram). Users are advised to use the official “Account Recovery” portals provided by the platforms immediately after a breach is detected.
For those in the Südthüringen region, the police recommend documenting all interactions with the scammer—including screenshots of the messages and the profile of the attacker—before the evidence is deleted by the perpetrator.
The investigation into the Meiningen cases remains open as police seek to identify the perpetrators. Families are advised to monitor their children’s digital activity and update security settings across all social media platforms.
Do you have experience dealing with account recovery for a minor? Share your tips or questions in the comments below to help other parents stay secure.
Keep reading