They don’t tell you this when you switch numbers. But Amazon’s system does something reckless. If you give up your old phone number and someone else picks it up later, they can walk straight into your Amazon account. No password. No email. No questions. Just the phone number alone is enough.
That number? It’s the key. And once Amazon sees that it belongs to someone new, it hands over the entire account like a hotel room with the door propped open.
This isn’t theoretical. It’s been happening for years. Back in 2020, someone tried to make a new Amazon account with their freshly issued number and found themselves staring into a stranger’s past. Order history, digital movies, shipping addresses, even stored payment methods were wide open. All because a number changed hands.
Now imagine it’s your account. You move. You switch carriers. You forget to update your info. And suddenly, a complete stranger has access to everything you’ve bought, watched, stored, or shipped for years. You might not even know it until new orders start appearing that you didn’t place.
This completely bypasses passwords. Two-factor authentication becomes useless if it’s tied to the phone number. The person with your old number doesn’t need to know your name, your email, your dog’s birthday. They just need the number and a bit of luck. And in many cases, Amazon gives them the green light automatically.
Other companies are just as sloppy. Plenty of websites still treat phone numbers as identity verification. They’ll let you reset passwords, unlock accounts, change settings, all through a recycled number.
Here’s how to protect yourself:
First, don’t assume your accounts are safe once you change your number. Update your contact info with every site that matters, especially any with stored payment data.
Second, if you use Amazon, turn on two-factor authentication. But don’t use text messages. Use an authenticator app like Microsoft Authenticator. It works offline, it’s tied to your device, and it keeps the door locked when the number changes.
This isn’t a bug. It’s a design flaw. One that exposes millions. If you’ve had the same number for a decade, you’re lucky. If you’ve switched recently, you might be bleeding data and not know it.