Security researchers at Princeton University and the Center for Information Technology Policy have identified a number of privacy and security concerns with reassigned mobile phone numbers.
Criminals can use old numbers to hack accounts, conduct phishing and spam attacks, and even unsubscribe victims from online services.
Nearly 66% of old and reassigned numbers are associated with previous owners’ accounts on popular websites, potentially leading to a takeover of accounts through a simple recovery process.
“An attacker can iterate over the available numbers and check if any of them are associated with the online accounts of the previous owners. A hacker can reset the password for accounts, as well as receive and correctly enter a one-time password sent in an SMS message, ”the experts explained.
Of the 259 T-Mobile and Verizon Wireless phone numbers analyzed, 100 were linked to past compromised email addresses. Access to such information allows you to bypass SMS-based multi-factor authentication. In addition, 171 of the 259 available numbers were listed on public information search services such as BeenVerified. It also provides criminals with an opportunity to find out confidential information about the previous owners of the number.
See how to protect yourself here
Catch up on more stories here