The risks of reusing phone numbers

The reality in Vietnam

To meet the growing demand for phone numbers, telecommunications providers are increasingly resorting to reusing inactive numbers after a waiting period, typically around 45 to 60 days.

This has become more common as Vietnam has witnessed a rapid increase in mobile phone usage, with a total of 168.5 million active mobile connections by early 2024 (data from DataReportal), equivalent to 169.8% of the total population. While this approach effectively mitigates the shortage of phone numbers, it also creates a range of cybersecurity challenges.

The risks of reusing phone numbers.

Raghav Iyer, a product and cybersecurity consultant at ManageEngine, emphasized that reusing phone numbers can pose cybersecurity risks ranging from security to privacy.

"Given the crucial role of phone numbers as digital identities, these cybersecurity risks, if not handled properly, could facilitate identity theft. Malicious actors could exploit recycled phone numbers to conceal their identities and carry out various cyberattacks," Raghav Iyer shared.

According to him, cyberattackers can find used phone numbers through various methods, from monitoring online platforms and using phone number reassignment lists to purchasing data or random dialing…

He analyzed that reusing phone numbers would present four security challenges. The biggest risk is the potential for users to have their accounts compromised. Verification codes and account recovery details are often sent to a mobile phone number. If this number is shared with other users, it can lead to account hijacking.

Furthermore, the reuse of phone numbers can lead to data leaks, calls and messages intended for the previous owner of a number being received by the new owner instead; service disruptions; phishing attacks and non-technical attacks…

Solution

To minimize the risks from phone number reuse, according to Raghav Iyer, telecommunications providers must implement robust protocols, including rigorous data cleaning procedures, to ensure the complete removal of personal information associated with reused phone numbers.

Furthermore, separating user identity from phone numbers is crucial. This can be achieved through the use of virtual numbers or temporary identifiers for online services.

Ultimately, user awareness and vigilance are paramount. Individuals should exercise caution when sharing personal information online and prioritize strong password methods. Enabling two-factor authentication and avoiding suspicious links are essential steps to protect against phishing attacks.

As the demand for phone numbers skyrockets, service providers will inevitably turn to number reuse as a solution. However, this practice must be carefully managed to prioritize data privacy. Concerns about leftover data, privacy violations, and eroded trust must be taken seriously.

A collaborative approach involving telecommunications companies, technology providers, and individuals is essential to mitigate these risks.

By implementing rigorous data cleaning procedures, exploring alternative identification methods, and promoting cybersecurity awareness, the negative impact of phone number reuse can be minimized and user privacy protected.