Voicemail Hacking
Unauthorised access to a voicemail inbox, often by exploiting default or weak PINs, used to retrieve two-factor codes, private messages, and personal information.
Also known as: voicemail PIN hacking, voicemail breach, remote voicemail access fraud
Last reviewed: 10 June 2026
Most mobile voicemail systems require a PIN to access messages remotely. Many users never change the default PIN (often 0000 or 1234), and some carriers allow voicemail access without any PIN when calling from the registered number. Attackers exploit these weaknesses by calling the voicemail system directly and entering common PINs, or by spoofing the registered number so the carrier grants pinless access.
Voicemail hacking gained notoriety in the UK phone-hacking scandal involving tabloid journalists, but it is also a common tool in account-takeover fraud. Banks and services that fall back to a phone call when SMS delivery fails will leave a one-time passcode as a voicemail message. An attacker who has access to the voicemail inbox can retrieve that code and complete the account takeover.
To protect yourself, set a strong unique PIN on your voicemail immediately. If your carrier supports it, disable remote voicemail access entirely. Consider whether a bank that falls back to voicemail messages for OTP delivery represents an acceptable security risk, and switch to an authenticator app wherever possible.