PogoWasRight.org

Menu
  • About
  • Privacy
Menu

How To Protect Your Phone Number On Twitter

Posted on February 7, 2020June 24, 2025 by Dissent

Gennie Gebhart of EFF has a how-to protect your phone number in the wake of a breach that Twitter revealed this past week:

The bad news is that Twitter has disclosed a failure to protect users’ phone numbers, again. The good news is that Twitter users can take steps to protect themselves.

Earlier this week, Twitter announced it had discovered and shut down “a large network of fake accounts” that were uploading large numbers of phone numbers and using tools in Twitter’s API to match them to individual usernames. This type of activity can be used to build a reverse-lookup tool, to find the phone number associated with a given username.

These tools in Twitter’s API can only match phone numbers to Twitter accounts for those who 1) have “phone number discoverability” turned on in their settings and 2) have a phone number associated with their account. If neither of those are true for you, then your account was not exposed by this problem. Here’s how to check your settings and make sure they are where you want them:

1. To check your discoverability settings, head to the Privacy and safety section of your account settings, then scroll down a bit and select Discoverability and contacts—or just go to https://twitter.com/settings/contacts.

2. You want “Let people who have your phone number find you on Twitter” unchecked. (And while you’re at it, make sure “Let people who have your email address find you on Twitter” is unchecked, too.) Unless you are in the EU, where the GDPR requires that features like this be opt-in, these are both checked by default.

3. To check whether or not you have a phone number associated with your account, go to the Account section of your settings and select Phone—or just go to https://twitter.com/settings/phone.

4. If you see a phone number there that you do not want associated with your profile, click Delete phone number.

There are a number of reasons you might have a phone number here: you may have added it when you signed up (Twitter sometimes requires phone numbers for new accounts), or when you turned on SMS-based two-factor authentication. Note that, even if you disable two-factor authentication, the phone number you used for it will still be hanging around in your account information, and you’ll have to go to that “Phone” section to affirmatively delete it from your account.

Most egregiously on Twitter’s part, you may also have a phone number in your account because Twitter made you put it there to prove you’re not a spammer. When Twitter marks an account as a “bot,” it may require the account holder to provide a phone number to unlock and get back into their account.

If Twitter is going to make users provide this sensitive identifying information to create and even regain access to their accounts, it has a responsibility to protect that information—and it has not fulfilled that responsibility.

No related posts.

Category: BreachesBusinessFeatured NewsOnline

Post navigation

← Privacy Commissioner of Canada files Notice of Application with the Federal Court against Facebook, Inc
Your Poorly Secured Medical Credit Score Could Deny You Care →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • White House ordered to restore Medicaid funding to Planned Parenthood clinics
  • California Attorney General Announces $1.55M CCPA Settlement with Healthline.com
  • Canada’s Bill C-2 Opens the Floodgates to U.S. Surveillance
  • Wiretap Suits Pit Old Privacy Laws Against New AI Technology
  • Action against tiny Scottish charity sparks huge ICO row
  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard

RSS Recent Posts on DataBreaches.net

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy