How To Protect Your Phone Number On Twitter

The bad news is that Twitter has disclosed a failure to protect users' phone numbers, again. The good news is that Twitter users can take steps to protect themselves.

Earlier this week, Twitter announced it had discovered and shut down a large network of fake accounts that were uploading large numbers of phone numbers and using tools in Twitter's API to match them to individual usernames. This type of activity can be used to build a reverse-lookup tool, to find the phone number associated with a given username.

These tools in Twitter's API can only match phone numbers to Twitter accounts for those who 1) have phone number discoverability turned on in their settings and 2) have a phone number associated with their account. If neither of those is true for you, then your account was not exposed by this problem. Here's how to check your settings and make sure they are where you want them:

1. To check your discoverability settings, head to the "Privacy and safety" section of your account settings, then scroll down a bit and select "Discoverability and contacts", or just go to https://twitter.com/settings/contacts.

2. You want "Let people who have your phone number find you on Twitter" unchecked. (And while you're at it, make sure "Let people who have your email address find you on Twitter" is unchecked, too.) Unless you are in the EU, where the GDPR requires that features like this be opt-in, these are both checked by default.

3. To check whether or not you have a phone number associated with your account, go to the "Account" section of your settings and select "Phone", or just go to https://twitter.com/settings/phone.

4. If you see a phone number there that you do not want associated with your profile, click "Delete phone number".

There are a number of reasons you might have a phone number here: you may have added it when you signed up (Twitter sometimes requires phone numbers for new accounts), or when you turned on SMS-based two-factor authentication. Note that, even if you disable two-factor authentication, the phone number you used for it will still be hanging around in your account information, and you'll have to go to that "Phone" section to affirmatively delete it from your account.

Most egregiously on Twitter's part, you may also have a phone number in your account because Twitter made you put it there to prove you're not a spammer. When Twitter marks an account as a bot, it may require the account holder to provide a phone number to unlock and get back into their account.

If Twitter is going to make users provide this sensitive identifying information to create and even regain access to their accounts, it has a responsibility to protect that information, and it has not fulfilled that responsibility.