{"id":23385,"date":"2024-10-09T12:54:52","date_gmt":"2024-10-09T08:54:52","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=23385"},"modified":"2024-10-09T12:54:52","modified_gmt":"2024-10-09T08:54:52","slug":"2fa-codes-from-non-existent-accounts","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/2fa-codes-from-non-existent-accounts\/23385\/","title":{"rendered":"When you get a login code for an account you don’t have"},"content":{"rendered":"

We\u2019ve previously covered what to do if you receive an unexpected one-time login code<\/a> for one of your accounts (spoiler alert: it\u2019s probably a hacking attempt, and it\u2019s time to consider getting reliable protection for all your devices<\/a>).<\/p>\n

But sometimes the situation is different: you get a two-factor authentication code for a service where you\u2019ve never had an account. In this post, we\u2019ll discuss why this might happen, and how to react to such messages.<\/p>\n

Why you might receive a code for an unknown account<\/h2>\n

There are two basic explanations for receiving one-time login codes for an account you\u2019re certain doesn\u2019t belong to you.<\/p>\n

The first and most likely explanation: before you got your current phone number, it belonged to someone else. When they canceled their service, the number went back into circulation and eventually landed with you. This is called \u201cphone number recycling\u201d \u2014 a standard practice for mobile service providers.<\/p>\n

Thus, the previous owner of your number registered an account using it. And now, either they\u2019re trying to log in, or someone else is attempting to hack their account. As a result, one-time login codes are being sent to the number (which now belongs to you).<\/p>\n

The less likely scenario is that someone is unintentionally trying to register an account using your phone number. Perhaps they mistyped their own number, or simply entered a random sequence of digits that happened to be yours.<\/p>\n

What to do<\/h2>\n

No matter which of the above scenarios may have occurred, the good news is it\u2019s not your problem. You don\u2019t need to do anything and there\u2019s nothing to worry about \u2014 unless you plan on creating an account with that service. If you do, you might run into a problem: your number is already associated with an existing (albeit abandoned) account. In that case, contact the service\u2019s support team and explain the situation, and ask them to detach the unknown account from your number while mentioning that you\u2019re a potential new customer.<\/p>\n

If support can\u2019t or won\u2019t help, there\u2019s nothing you can do except get an extra SIM card and link your account to the new number.<\/p>\n

What NOT to do<\/h2>\n

Now, let\u2019s talk about what you absolutely should not do: under no circumstances should you attempt to use the one-time codes you receive to access an account that doesn\u2019t belong to you<\/strong>. Curiosity killed the cat, and in this case it could have serious consequences.<\/p>\n

Accessing someone else\u2019s account isn\u2019t just unethical; it\u2019s illegal in most jurisdictions. For example, in the U.S., the very strict Computer Fraud and Abuse Act (CFAA, 18 U.S.C.<\/a> \u00a7 1030<\/a>), covers this. Germany has a Section 202 of its Criminal Code (StGB $ 202<\/a>), and the list goes on for most if not all countries worldwide. Although the probability of facing legal consequences for accessing someone else\u2019s account may not be high, it\u2019s not worth the risk.<\/p>\n

Keep in mind that this probability increases significantly if the account is linked to illegal activity. In that case, law enforcement might take a keen interest in anyone who accesses the account, and sooner or later you could find yourself facing some very uncomfortable questions.<\/p>\n

So, the best course of action when receiving a text message with a one-time login code for an account that doesn\u2019t belong to you is to simply ignore it. And to avoid any unnecessary trouble, absolutely do not try to log in to someone else\u2019s account.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

What to do if you receive a text with a two-factor authentication code from a service you’ve never registered for.<\/p>\n","protected":false},"author":2706,"featured_media":23386,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[2088,1047,1474,359,976,2734,1022,46,54],"class_list":{"0":"post-23385","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-tips","9":"tag-2fa","10":"tag-accounts","11":"tag-authentication","12":"tag-online-services","13":"tag-otp","14":"tag-risks","15":"tag-sms","16":"tag-text-messages"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/2fa-codes-from-non-existent-accounts\/23385\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/2fa-codes-from-non-existent-accounts\/28122\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/2fa-codes-from-non-existent-accounts\/28274\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/2fa-codes-from-non-existent-accounts\/27755\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/2fa-codes-from-non-existent-accounts\/30492\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/2fa-codes-from-non-existent-accounts\/29239\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/2fa-codes-from-non-existent-accounts\/38353\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/2fa-codes-from-non-existent-accounts\/12881\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/2fa-codes-from-non-existent-accounts\/52397\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/2fa-codes-from-non-existent-accounts\/22302\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/2fa-codes-from-non-existent-accounts\/23052\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/2fa-codes-from-non-existent-accounts\/31714\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/2fa-codes-from-non-existent-accounts\/28368\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/2fa-codes-from-non-existent-accounts\/34196\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/2fa-codes-from-non-existent-accounts\/33853\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/2fa\/","name":"2FA"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=23385"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23385\/revisions"}],"predecessor-version":[{"id":23387,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23385\/revisions\/23387"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/23386"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=23385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=23385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=23385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}