It sounds like the system you describe does not use end-to-end encryption.

To put it another way: WhatsApp claim to use end-to-end encryption for their messaging service [1]. If a hacker gained unrestricted access to their online server and database, could that hacker read any user messages?

[1] https://www.whatsapp.com/faq/en/general/28030015

> It is believed that the hack compromised personal data from the accounts including names, email addresses, telephone numbers, dates of birth, hashed passwords (the majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

https://en.wikipedia.org/wiki/Yahoo!_data_breach

i.e. messages weren't stolen, account information was.