One app, two accounts: new WhatsApp feature raises security concern


WhatsApp will allow users to juggle two accounts at the same time, potentially eliminating the need to have separate phones for work and personal use. However, this is also a security risk, experts warn.

To set up a second account, users will need a second phone number and SIM card, or a phone that accepts multi-SIM or eSIM, the Meta-owned messaging app said in a blog post.

“Simply open your WhatsApp settings, click on the arrow next to your name, and click ‘Add account.’ You can control your privacy and notification settings on each account,” WhatsApp said.

It said the feature will be helpful for those who need to switch between accounts, such as work and personal. “Now you no longer need to log out each time, carry two phones or worry about messaging from the wrong place,” WhatsApp said.

Acknowledging the security risks associated with using multiple numbers on one phone, it also warned users to only rely on the official WhatsApp platform to switch between accounts and not to download “imitations or fake versions” to get more accounts on their phone.

“Your messages are only secure and private when using the official WhatsApp,” it said.

Double the attack surface

A long awaited feature, some experts warn that switching between two numbers on the same account could pose an increased security risk. Michal Kierul, head of IT consulting firm INTechHouse, said that it was a “double-edged sword.”

While it can “significantly improve work-life balance,” two accounts on a single device means that “the attack surface essentially doubles,” Kierul said.

“If one account is compromised, it could potentially give attackers a pathway to the other,

especially if the device itself has vulnerabilities,” he said, adding that the need for two SIM or eSIM cards adds another layer of complexity and potential risk.

“Companies will need to update their security protocols to account for this new feature, perhaps requiring additional authentication steps or more stringent monitoring of WhatsApp usage on work devices,” Kierul said.

Dual-account access increases the potential for data leakage and privacy breaches, according to Joshua Spencer of FortaTech Security, a cybersecurity company.

“Users might inadvertently share sensitive information with the wrong account, risking both personal and professional data,” Spencer said.

“If one account is compromised, it could potentially provide a backdoor to the other, putting both personal and work-related data at risk. This feature offers convenience, but users need to exercise caution,” he added.

Prey to cybercriminals

In April, WhatsApp introduced another feature that allowed users to group up to four phones in a single account, with each linked phone connecting to WhatsApp independently.

This week, it said that everyone who uses WhatsApp on Android can start logging into their accounts using passkeys – a facial scan, a fingerprint, or a PIN. Passkeys are considered to be an easier and more secure way to login than passwords.

WhatsApp’s security was brought into focus earlier this year after allegations that the phone numbers of the app’s nearly 500 million users were leaked and put up for sale online. The app has an estimated 2 billion users worldwide.

As the most popular chat platform in the world, WhatsApp is also used by cybercriminals to find and target potential victims, with jobseekers reportedly losing $100 million in a recent scam that also targeted Telegram users.