WhatsApp website attacked by hackers, goes offline

Graham Cluley

WhatsAppHot on the heels of the defacement of the AVG anti-virus website, comes news that they’re not the only victims of pro-Palestinian hackers today.

It appears that the homepage of WhatsApp, the tremendously popular free messaging app, was also defaced.

Earlier today, the WhatsApp website displayed a pro-Palestinian message from the hackers under the title “You Got Pwned” and looked like this:

WhatsApp website

The message is identical to the one which appeared on AVG’s website earlier today.

As with the AVG hack, the group claiming responsibility for the defacement is the KDMS team, who appear to have a pro-Palestinian agenda.

It’s possible that the hackers managed to change the website’s DNS records, redirecting anyone who attempted to visit www.whatsapp.com to a different IP address.

Presently users are finding it hard to reach the WhatsApp website – presumably because the company has taken it offline while they attempt to get a handle on this mess.

Sadly, it’s not the only security headache for WhatsApp today. Security researchers have claimed that there are serious weaknesses in WhatApp’s encryption which could make it possible for unauthorised parties to eavesdrop on your messages.

Let’s hope that the cause for the WhatsApp and AVG website hacks is discovered quickly, and the problem is resolved.

See also: AVG and Avira anti-virus websites attacked by pro-Palestinian hackers

Update:
Network SolutionsIt is now becoming clear that the WhatsApp servers (and indeed those which run the AVG and Avira websites) were not broken into by hackers, but that instead the companies were the victims of DNS hijacking.

DNS records work like a telephone book, converting human-readable website names like whatsapp.com into a sequence of numbers understandable by the internet. What seems to have happened is that someone changed the lookup, so when you entered whatsapp.com into your browser you were instead taken to a website that wasn’t under WhatsApp’s control.

The question now is how did the hackers manage to change the DNS records for whatsapp.com, avg.com and avira.com?

Could it be that cybercriminals managed to guess the passwords used to secure access to the information, and log in as though they were the administrators of the sites’ DNS records?

Or was Network Solutions – which manages the DNS records for these companies – tricked into changing the passwords, and as a result allowed the hackers to gain access to the DNS entries?

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

4 Replies to “WhatsApp website attacked by hackers, goes offline”

  1. This isn't a defacement, it's a
    redirection to another site. A defacement would mean that the
    legitimate code on the site had been altered.

      1. I have not been able to open my WhatsAp for two days. Each time I try to open there is a notice that says "This Version is too old, upgrade now". And of-course I can't upgrade. ( http error 503 /500 Service unavailable) Thanks for the info pray it will be resolved soon.

  2. How many days for whatsapp to be well.any one with the other address that i can use to get whatsapp

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.