diff --git a/web/admin/src/app/[locale]/admin/login/page.tsx b/web/admin/src/app/[locale]/admin/login/page.tsx
index 3f60047..7f420c1 100644
--- a/web/admin/src/app/[locale]/admin/login/page.tsx
+++ b/web/admin/src/app/[locale]/admin/login/page.tsx
@@ -23,8 +23,11 @@ export default function AdminLoginPage() {
 
   const [tab, setTab] = useState<LoginTab>("otp");
 
-  // OTP state
-  const [phone, setPhone] = useState("09120000001");
+  // OTP state — never prefill a real-looking phone in production; a placeholder
+  // number sends the OTP to a non-existent admin and returns a confusing 404.
+  const [phone, setPhone] = useState(
+    process.env.NODE_ENV === "development" ? "09120000001" : ""
+  );
   const [code, setCode] = useState("");
   const [otpStep, setOtpStep] = useState<"phone" | "otp">("phone");