Attackers can (https://www.bleepingcomputer.com/news/security/hackers-steal-whatsapp-accounts-using-call-forwarding-trick/) easily hijack WhatsApp accounts using call forwarding. A bit of social engineering, a user’s call by MMI code, and subsequent calls to his phone are redirected to the specified number. Further, the attacker only needs to receive a voice message with a WhatsApp re-registration code, and he will have full access to the contacts and messages of the victim. All this will not always work: here is social engineering, and a notification about setting up forwarding, and SMS from WhatsApp. However, the method is working. The best protection here would be two-factor authentication. If for some reason you suddenly didn’t care, here’s a great reason to set it up everywhere.