PanicStation.org
UK USA
uk Technology & digital loss unknown linked device • companion device you don't recognise • new device connected to messages • someone linked my messaging account • suspicious linked session • linked devices notification • whatsapp linked devices unknown • signal linked device i don't know • messages for web paired without me • account session i didn't approve • possible account takeover • phone may be compromised • someone reading my messages • qr code pairing scam • messaging account hacked • device added to account alert • login activity i don't recognise • secure my messaging account now • sign out other devices

What to do if…
your messaging app shows your account is linked to a new companion device you do not recognise

Short answer

Treat it as a live compromise: immediately unlink/log out that companion device from inside the app, then secure the underlying account (new password + 2-step verification) from a device you trust.

Do not do these things

  • Don’t “test” the situation by messaging the unknown device/user or sending codes/screenshots to anyone.
  • Don’t approve any prompts you didn’t initiate (QR pairing, “new device” pop-ups, login approvals).
  • Don’t change lots of settings at random first — unlinking/logging out unknown devices comes first.
  • Don’t reuse an old password or a similar “variation” (attackers often try common variants).
  • Don’t ignore it because “nothing looks different” — companion devices can quietly mirror messages.

What to do now

  1. Get to a safer pause and use a trusted connection. If you’re on public Wi-Fi, switch to mobile data or a known safe network before you do anything else.
  2. Unlink the unknown companion device immediately (inside the messaging app).
    • Look for menus like Linked devices / Companion devices / Device pairing / Sessions and log out/remove anything you don’t recognise.
    • If there are multiple unknown entries, remove them all.
  3. Take quick evidence for yourself (30 seconds). Screenshot the linked device list showing device names, dates/times, and any “last active” info. This helps later if support, your employer, or police ask what happened.
  4. Secure the account behind the messaging app (from a clean device). Do these in this order:
    • Change the account password (or your Apple/Google account password if that’s what the app relies on).
    • Turn on 2-step verification (2SV) / two-factor authentication in the account security settings.
    • Sign out of other sessions/devices in the account’s security page (look for “Your devices” / “Manage devices” / “Sign out all”).
  5. If you can’t remove the device (or it comes back), escalate immediately. Use the app/provider’s official website and start their account recovery/support flow (avoid links from messages or emails you weren’t expecting).
  6. Check the email account that can reset your messaging account. Attackers often keep access by adding hidden rules. Quickly check for:
    • New forwarding addresses, mail rules/filters, or unfamiliar recovery email/phone numbers.
  7. Rule out SIM-swap risk (important if you use SMS codes).
    • If your phone suddenly lost signal earlier, you got “SIM changed” messages, or you can’t receive texts/calls, contact your mobile network provider using a known number (from their official site or your bill) and ask them to check for unauthorised SIM swaps/porting and add extra security where available.
  8. Tell a small number of people the minimum. If the attacker could message as you, send a short note (via a different channel, if possible) to close contacts or any group admins: “My account may have been accessed. If you get unusual messages/links from me, don’t act on them.”
  9. If money, threats, or impersonation are involved, report it.
    • In the UK, report cybercrime/fraud to Report Fraud (England, Wales, and Northern Ireland).
    • If you live in Scotland (or the crime happened there), report via Police Scotland (often via 101).
    • If the crime is happening right now or you’re in immediate danger, use 999.

What can wait

  • You do not need to work out how it happened right now.
  • You do not need to confront anyone, post public warnings, or gather “proof” beyond a couple of screenshots.
  • You do not need to factory-reset your phone unless you later confirm malware or ongoing re-linking.

Important reassurance

This situation is common and fixable. Acting quickly to unlink the device and secure the underlying account usually stops message mirroring fast, even if you’re not sure how the link was created.

Scope note

These are first steps to stop access and prevent immediate harm. If the device reappears after you remove it, you may need deeper account recovery (and potentially device security checks) with the provider’s support.

Important note

This guide gives general, practical first actions and isn’t legal or technical-forensics advice. If you believe you’re at risk of targeted harassment, stalking, or repeated account compromise, consider getting specialist support and making a formal report.

Additional Resources
Support us