A recent security breach over at Timehop – an application that shows users the social media posts they published on the same day in previous years – has left the sensitive details of everyday internet users compromised yet again.
The nature of this particular app – which connects to other central social media platforms like Facebook and Twitter – triggered alarms that user credentials for all connected sites were put at risk. This does not appear to be the situation, but the company did warn users that phone numbers had been accessed and that those who had used their carrier account information to sign up should “take additional precautions” with their cellular providers.
Access to a phone number may seem like a low risk factor in terms of personal security. But that couldn’t be further from the truth. Hackers don’t target cell phone numbers to give random strangers a call. They use the information to bypass security settings that use mobile numbers as a layer of security for sensitive online accounts.
Many of our online security guides, for example, suggest enabling two-factor authentication for accounts when the service is available. With two-factor authentication enabled, users have an extra layer of security during the login process. After a password is entered, the user receives another code (through text, email, or an app), which must be entered before gaining access. If a hacker has your phone number along with other cobbled-together pieces of personal information, they can potentially maneuver a SIM card change and effectively gain access to all your incoming SMS messages. This renders two-factor authentication useless, as the security codes are being sent straight to the online intruders.
One way to prevent serious breaches through manipulation of your phone number is to attach a PIN to your carrier account. This is a passcode connected to your account that you must provide to the company before adjusting any major settings. The PIN provides added security against hackers who, for example, might call up Verizon impersonating you to try and adjust your settings to gain access to your SMS messages. No PIN? No entry.
Whether you’re a Timehop user or not, this added security measure can help keep you protected against any potential intrusions. Below, we’ve put together a guide on how to add or update a PIN for your Verizon, Sprint, T-Mobile or AT&T account.
To set up your PIN with Verizon, head to VZW.com/PIN. Then sign in with your Verizon account. Enter a new chosen PIN, re-enter to confirm, and click submit.
You can also use the Verizon app to set up your PIN. For this option, head to your Account Settings, then Security, then “Manage Account PIN.”
Sprint also allows you to easily adjust PIN settings online, and will notify you any time a change occurs to help you monitor for fraudulent adjustment attempts.
Head to My Sprint on Sprint’s website. Go to the Profile and Security section and then Security information. From there, you can adjust your PIN as well as your security questions.
To adjust security code settings for AT&T, go to your online profile and choose your wireless account. Then head to the Wireless Passcode Settings and choose Manage Extra Security. To enable a PIN, check the box next to “Extra Security.”
To set up your T-Mobile PIN, head to My T-Mobile and log in. You’ll then be prompted to choose to use text message or Security questions as your verification mode of choice — set up your desired option. Once you’ve completed that process, you can access the PIN setting screen. Enter your secure, unique code and hit Next.