Looming Security Threat: Your Phone Number May Be Vulnerable

Posted by Richard on April 10, 2019

Suppose for some reason you lose your phone number. Then suppose it is recycled to people with bad intent. Could the number be used to fetch passwords? Could they get into your email?

You bet they could.

Millions of people get new phone numbers, some of which have been used in the past by someone else. In the best case, the new owner gets lots of annoying FaceTime requests from teenagers. In the worst case, he gets a text every time the previous owner makes a bank deposit. Why? That someone hasn’t changed his phone number with the bank.

According to KrebsOnSecurity, that’s just the tip of an enormous security iceberg. Many companies have built their user authentication programs around phone numbers.

One person who tested the security of phone numbers found this out. He got a new number then went to a large email provider and typed the new number in the login. The provider then offered to reset his password and sent a SMS message with a code. He got in using the code. Except for one thing: He got into the email of another person, the one who previously owned the phone number.

Imagine what bad actors could find out about you if they could read your email.

The fact is that phone numbers today are tied to a person’s identity and attackers can use the number as an identity document.

It’s not just recycled phone numbers that can be vulnerable either, since there are hacks that allow the theft of numbers.

That makes everyone with a phone vulnerable, but there are some things you can do:
* Close accounts you don’t use.
* If you don’t have to give your phone number online, don’t.
* If your number has changed, go to every account and update your phone number.
* You can also disable SMS text codes.