Phone numbers biggest risk in data breaches
By the time T-Mobile announced in August 2018 that a data breach had compromised customers' names, billing zip codes, email addresses, account numbers, account types, phone numbers, and some hashed passwords, the most crucial of these had become phone numbers. Never intended as identifiers, phone numbers have become tools for authentication and therefore long-term "skeleton keys" to individuals' lives. Techniques such as SIM-swapping allow attackers to intercept SMS messages. Credit card companies manage such problems by making it easy to get a new card. For phones, a solution would be to use smartphones to generate unique identifiers from a combination of the phone number and device's IMEI number that would change for every new device and generating individual codes for two-factor authentication. As things are, however, it has become dangerous to give out personal phone numbers. Changing that situation will likely require government regulation.
tags: smartphones, 2FA,
writer: Lily Hay Newman