Your phone was stolen. Do you change your phone number? What would you do?

One of our members finds herself in a situation where her phone is in the hands of a stranger. She has located and even remotely locked the phone (following advice that can be found in My phone is lost or was stolen - now what?), but about four hours elapsed before she took those steps.

She has been able to send, receive, and monitor her text messages, since Republic Anywhere is installed on a computer.

Now, as she awaits the arrival of a replacement phone, she wonders whether she should change her phone number when she activates the new phone.

I’ve given her my own opinion, but would feel far more comfortable having some additional guidance from others in our Community.

  1. Would you change your phone number in this situation? Why or why not?
  2. What other safety steps would you take?

I’m not sure about #1 but I have thoughts on 2. :thinking:

If I thought a stranger had access to my phone and apps I would change the passwords of those apps via my computer.
Apps like email, social networking sites (FB…), financial/banking or other such apps.

5 Likes

I would see no reason to change my phone number. Phone numbers are not a secret. They’re out there. They used to be published and dropped on everyone’s doorstep each year. Caller ID spoofing is possible and widely used by spammers. As far as I’m concerned there’s nothing at all that someone having my phone would change about the risk to my number.

(As a little side rant I’d like to add how much hate I have for the services that supposedly protect you from things like identity theft that alert you that your phone number has been “found” on the dark web. This is such a meaningless alert, created for no reason other than to keep you renewing your service and it panics people. It makes me so angry that companies that have products that are supposed to be protecting you and in reality they use their products to take advantage of you. Argh.)

As far as what else, I second @SuperT If not already done, every single password associated with any account that might have been on that phone should be immediately changed.

4 Likes

If the person who lost the phone had a screen lock set up on the lost phone, I probably wouldn’t worry about anything. If the user did not have a screen lock set up, I would certainly recommend it for the replacement phone.

As far as changing the phone number, I probably wouldn’t change it, but if it makes the user more comfortable, go for it. I might contact some of my closer contacts letting them know that my phone was in the hands of a stranger, and that the stranger might have access to their contact info. Once again, the risk would have been mitigated with a screen lock PIN, pattern, or fingerprint.

1 Like

For the described circumstances, I wouldn’t be inclined to change the phone number. Phone numbers are reasonably public anyway. I wouldn’t be overly concerned whomever came into possession of the phone would spoof its’ number. Scammers using number spoofing generally just pick random numbers for that.

I would also be inclined to change app and/or website passwords for services used particularly any that used the phone number as a second authentication method. If not already done, I’d also make sure an account PIN is setup for the Republic account to further prevent the remote possibility whomever came into possession of the phone might attempt to transfer (port) the number away from Republic. For more on that: How Do I Prevent an Unauthorized Transfer of My Phone Number to a Different Carrier? – Republic Help.

As a general security matter, I’ll mention it’s critical one use unique not easily guessed passwords for the apps and services one uses. Using the same password across multiple apps and websites is asking for trouble. A password manager helps tremendously with that. I use Bitwarden, which is free and open source.

Lastly, email addresses are as public (if not more so) than phone numbers. As many apps and services (Republic included) use one’s email address as part of one’s login credentials, making sure those services are properly secured with strong passwords and/or multi-factor authentication is worthwhile. This can be quite illuminating: https://haveibeenpwned.com/. There’s no need to panic about what one sees at that website (just be certain one changes the password and uses a strong password going forward for any identified compromised sites).

3 Likes
Message an
Expert customer