MOMBASA, Kenya — A university student has been charged in connection with the alleged hacking of a journalist’s WhatsApp account, in a case highlighting the growing use of cybercrime laws in Kenya.
The accused appeared before Mombasa Resident Magistrate Green Odera, where prosecutors preferred multiple charges under the Computer Misuse and Cybercrimes Act, 2018.
According to the prosecution, the student is accused of unauthorised access to a computer system, contrary to Section 14(1) of the Act, as well as accessing a system with intent to commit a further offence under Section 15.
The court heard that the accused allegedly gained access to the journalist’s WhatsApp account with the intention of committing theft.
“He was also charged with identity theft and impersonation under Section 29 of the Act, for allegedly stealing and using the journalist’s identity to defraud unsuspecting contacts,” the DPP stated.
Prosecutors further alleged that the suspect used the compromised account to impersonate the journalist and attempt to defraud individuals within the victim’s contact network.
The court was also told that on April 14, 2026, the accused was allegedly found in possession of 39 Safaricom SIM card passwords suspected to have been obtained fraudulently and used in related offences.
The student denied all charges and entered a plea of not guilty.
Principal Prosecution Counsel Purity Musembi opposed his release on bond, arguing that ongoing investigations could be compromised if the suspect is released.
“The investigating officer informed the court that forensic analysis is being conducted on seized electronic devices,” the DPP said in a statement.
Investigators also indicated that the accused may be linked to other cyber-related offences.
Magistrate Odera ordered that the suspect be remanded at Urban Police Station pending a ruling on the bond application.
Also Read: WhatsApp to introduce usernames, allowing chat without phone numbers
The case is being prosecuted under Kenya’s Computer Misuse and Cybercrimes Act, 2018, which criminalises unauthorised access to digital systems, identity theft, and related offences.
Section 14(1) criminalises gaining access to a computer system without permission, regardless of whether further harm occurs.
Section 15 addresses more serious cases where unauthorised access is linked to intent to commit further offences such as fraud or theft, carrying heavier penalties.
Section 29 covers identity theft and impersonation, including misuse of digital identities such as messaging or social media accounts to deceive or obtain unlawful benefit.
Cybersecurity experts have previously warned of a rise in social media and messaging account takeovers in Kenya, often linked to SIM-swap fraud, phishing schemes, and leaked credential databases, with journalists and public figures increasingly targeted.
