Risks Associated with Your Previous Phone Number

If you’ve transitioned to a new phone number, your former number will likely be allocated to a new user. This common practice of reassigning phone numbers carries considerable privacy and security risks, as highlighted by a study.

Easily acquired, these recycled numbers pose threats including account takeovers, phishing, and spam attacks, and could obstruct new users’ access to online services, sometimes leading to extortion for the number’s release.

Attack Mechanisms

The study identifies eight attack methods, with the reverse lookup attack being the most straightforward and cost-effective. In this approach, perpetrators exploit the carrier’s online interface to pinpoint a reassigned number, purchase it, and hijack the associated accounts, particularly if the original user relied on SMS-based two-factor authentication (2FA) without updating their number.

Of 259 analyzed numbers, 66% were susceptible to unauthorized access on prominent platforms such as Amazon, AOL, Facebook, Google, PayPal, and Yahoo, while 39% were associated with exposed credentials online, undermining SMS 2FA protection. For instance, an exposed phone number previously linked to your Facebook account could allow an attacker to take over your profile, change your password, and lock you out.

Furthermore, the same percentage of numbers could reveal sensitive personal details, such as names and locations of former owners, through services like BeenVerified or Intelius. The research also details five other schemes exploiting number recycling, posing risks to past and prospective owners by facilitating impersonation, account takeovers, and denial-of-service attacks.

Stop Using Your Mobile Number for Two-Factor Authentication

SMS-based authentication poses significant security risks: whoever controls your phone number can use it to reset your account and gain access without knowing your password.

If a change in your phone number becomes necessary, the research advises you to follow these steps:

  • First, disconnect your phone number from any online services.
  • Choose a more secure alternative to SMS, such as authenticator applications or, if feasible, hardware keys.
  • Consider using a low-cost number “parking” service to retain your old number.
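
As an added example (not from the study or the original article), the steps above can be turned into a pre-change audit of your own account inventory. The Account fields, the risk tiers, the last-10-digits comparison, and the sample services and numbers are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Account:
    service: str
    second_factor: str                     # "sms", "totp", "hardware_key" or "none"
    sms_phone: Optional[str] = None        # number that receives SMS 2FA codes
    recovery_phone: Optional[str] = None   # number accepted for SMS password reset
    password_exposed: bool = False         # password known to appear in a breach

def same_number(a, b):
    """Compare numbers by their last 10 digits (assumes NANP-style numbers)."""
    digits = lambda n: re.sub(r"\D", "", n or "")[-10:]
    return bool(digits(a)) and digits(a) == digits(b)

def assess(acct, old_number):
    """Return (risk, actions) for one account relative to the number being given up."""
    sms_2fa = acct.second_factor == "sms" and same_number(acct.sms_phone, old_number)
    sms_reset = same_number(acct.recovery_phone, old_number)
    if not (sms_2fa or sms_reset):
        return "ok", []
    actions = ["unlink old number"]
    if sms_2fa or acct.second_factor == "none":
        actions.append("enable authenticator app or hardware key")
    # The number alone is enough: SMS reset with no independent second factor.
    if sms_reset and (sms_2fa or acct.second_factor == "none"):
        return "high", actions
    # Exposed password plus SMS code: 2FA no longer protects the account.
    if sms_2fa and acct.password_exposed:
        return "high", actions + ["change exposed password"]
    return "medium", actions

def audit(accounts, old_number):
    """Assess every account and list the riskiest first."""
    order = {"high": 0, "medium": 1, "ok": 2}
    rows = [(a.service, *assess(a, old_number)) for a in accounts]
    return sorted(rows, key=lambda r: order[r[1]])

# Constructed sample inventory; services and numbers are placeholders.
OLD = "+1 (555) 010-0199"
SAMPLE = [
    Account("mail", "sms", "555-010-0199", "5550100199"),
    Account("shop", "sms", "15550100199", None, password_exposed=True),
    Account("bank", "totp", None, "+1 555 010 0199"),
    Account("forum", "hardware_key"),
]

if __name__ == "__main__":
    for service, risk, actions in audit(SAMPLE, OLD):
        print(f"{service:6} {risk:6} {'; '.join(actions) or '-'}")
```

Accounts rated "high" are the ones to fix before the old number is released; "medium" accounts still have the number attached and should be unlinked as well.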

Data breaches are growing in both size and frequency, compromising the details of hundreds of millions of individuals on social media networks and various online services. Because these leaks help ill-intentioned individuals exploit that information for personal advantage, it is crucial to manage the security and privacy of your accounts vigilantly.

