It’s time to stop giving out your real phone number around the web. If you can avoid it, don’t link your phone number to your various online accounts, because if (or when) those services are breached — as just happened to Facebook and, almost, TikTok — your number will hanging out in the open for anyone to mess with. Worse, it’ll probably be associated with other information about you, which could lead to spam and annoying phishing attempts.
This gives you two options to consider. First, if you strip your phone number from your online accounts, you’ll have to move away from using less-secure (but better than nothing) text-based authentication for 2FA. That’s actually a good thing — but you’ll need to grab an app like Authy or Google Authenticator to meet your two-factor authentication needs going forward. They’re super-easy to set up, and you should already be using them for any service that supports them. Full stop.
If you can’t remove your phone number from a service — because it requires you to submit a phone number in order to create an account or verify your account — do anything you can to avoid giving up your real phone number. For most people, that means setting up a free Google Voice number, forwarding its messages to your actual phone number, and submitting the Google Voice number whenever you need to provide one to access an account or service.
While that won’t stop a sea of spam headed your way if or when that phone number leaks out, Google’s service includes plenty of built-in spam-fighting tools. And you can always change your Google Voice number if you find yourself inundated as the result of a future leak, or stop using Google Voice as a forwarding service altogether and simply use it as a place where the calls you don’t want to take can go to die.
As for Facebook…
Since most people using Facebook probably linked their number to their accounts — just because, or as a result of Facebook’s prodding that they do so — it’s advisable to be a bit more suspicious of any unexpected texts or phone calls you receive. Even if they address you by name or seem to have information about you that would normally suggest their legitimacy, keep your guard up.
While I’m willing to bet that you won’t receive any increased spam beyond the normal amounts you already get via text and phone, it never hurts to be extra cautious when one of these large data leaks occurs. In the meantime, go ahead and remove your phone number from Facebook by visiting your Mobile Settings. Then, set up 2FA with whatever app you’ve selected, and repeat the process for the other major online services you’ve given your digits to.