There is no simple solution to this. In some situations, giving your digits to institutions like your bank provides an extra layer of security. But in most cases, the potential dangers and annoyances of handing out your number outweigh the benefits, as you will read below.
How your phone number exposes you
It took only an hour for my cellphone number to expose my life.All that Mr. Tezisci, the researcher, had to do was plug my number into White Pages Premium, an online database that charges $5 a month for access to public records. He then did a thorough web search and followed a data trail — linking my name and address to information in other online background-checking tools and public records — to track down more details.
In an hour, this is what came up:
My current home address, its square footage, the cost of the property and the taxes I pay on it.
My past addresses from the last decade.
The full names of my mother, father, sister and aunt.
My past phone numbers, including the landline for my parents’ home.
Information about a property I previously owned, including its square footage and the mortgage taken out on it.
My lack of a criminal record.
While Fyde declined to hack into my accounts using the obtained information and my number, the company warned that there was plenty an attacker could do:
A hacker could try to reset my password for an online account by answering security questions like “What is your mother’s maiden name?” or “Which of the previous addresses did you live at?”
An attacker could use the personal information linked to my phone number to trick a customer service representative for my phone carrier into porting my number onto a new SIM card, thus hijacking my digits — a practice called SIM swapping.
A hijacker with control of my phone number could then break into my accounts if I had mechanisms in place to receive a security code in a text message when logging in to an online account.
A scammer could also use my hijacked phone number to trick members of my family into sharing their passwords or sending money.
A scammer could also target my phone number with phishing texts and robocalls.
An intruder could use knowledge of my phone number to call my voice mail inbox and try to crack the personal identification number to listen to my messages.
Marketers could also take advantage:
An ad tech agency could add my number to a detailed profile about me, linked to other information about my identity and web-browsing activities.
If I signed up for an internet service with my phone number, a brand that bought my digits from an ad firm could upload them into an ad tech tool to correlate the number with my online profile and serve targeted ads.
A shady marketing agency could add my number to a database to blast me with spam calls and text-messaged promotions.
When it’s wise to share your number (and when it’s not)
There are some situations when sharing your phone number is reasonable.
When you enter your user name and password to get into your online banking account, the bank may call or text you with a temporary code that you must enter before you can log in. This is a security mechanism known as two-factor verification. In this situation, your phone number is a useful extra factor to prove you are who you say you are.
“A phone number is a better identifier than just your name, but sometimes you want that,” said Simon Thorpe, director of product for Twilio, a communications company that works with phone carriers on combating robocalls.
But which companies should you trust with your phone number? Here’s where things get tricky.
Plenty of tech companies let you use your phone number to protect your accounts from unauthorized access. But even some legitimate brands like Facebook have been scrutinized for improper use of phone numbers.Last year, a study by the tech blog Gizmodo found that after a Facebook user set up two-step verification with his phone number, advertisers that uploaded his digits into Facebook’s database could match them to his Facebook profile and serve targeted ads. Separately, some people complained this year that the social network allowed them to look up a person’s Facebook profile just by typing a phone number into its search bar.
The company has removed the ability to find people’s profiles by entering their phone number, said Rochelle Nadhiri, a Facebook spokeswoman. She added that when a user set up two-step verification with a phone number, the company would not use the information to serve targeted ads.