Story

Your old phone number can be used to gain access to your private information

When your old number gets a new user, the data associated with the old number also becomes accessible to the new user.

Highlights

  • The mobile carriers often recycle your old number and assign it to a new user.
  • The telecom companies do it stop number exhaustion, but this process is not safe for the users, who previously owned the numbers
  • This can put the users at privacy and security risks.

Ever wondered what happens to your old phone number, when you get a new one? The mobile carriers often recycle your old number and assign it to a new user. The telecom companies do it to stop number exhaustion, but this process is not safe for the users, who previously owned the numbers. When your old number gets a new user, the data associated with the old number also becomes accessible to the new user. This can put the users at privacy and security risks.

As per the new findings of Princeton University researchers, the whole act of recycling numbers can put the users at security and privacy risks. The recycled numbers allow new users to access the information of old users. When you change your number, you forget to immediately update your new number in all digital accounts. For instance, you might still be using your old number in one of the e-commerce apps.

The report by Princeton University revealed that a journalist after getting a new number was bombarded d with texts containing blood test results and spa appointment reservations."We obtained 200 recycled numbers for one week and found 19 of them were still receiving security/privacy-sensitive calls and messages (e.g., authentication passcodes, prescription refill reminders). New owners who are unknowingly assigned a recycled number may realize the incentives to exploit upon receiving unsolicited sensitive communication, and become opportunistic adversaries," Arvind Narayanan, one of the researchers said in the report.

The researchers had listed eight possible threats that could arise due to the number recycling. One of the major threats that an old user can be subjected to a phishing attack. Once a number is assigned to a new subscriber, they can phish the subscriber through SMS, the report states. Subscribers tend to fall for phishing attacks when the messages seem believable. The attacker can also use the number to sign up for y sign up for various alerts, newsletters, campaigns, and robocalls. Attackers can also use the recycled number break into profiles linked with the number t online via SMS-authenticated password resets.

The researchers at Princeton reached out to US-based carriers including Verizon and T-mobile, but the telecom companies have not done anything to stop the potential attacks." We signed up for one prepaid account at each of the two largest U.S. carriers—Verizon Wireless and T-Mobile. Both carriers provide an online interface for subscribers to change their phone number," the report states.