diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index b80cf0fd64..ff96acfc57 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -2462,7 +2462,7 @@ App::post('/v1/account/tokens/phone')
             if (isset($plan['authPhone'])) {
                 $timelimit = $timelimit('organization:{organizationId}', $plan['authPhone'], 30 * 24 * 60 * 60); // 30 days
                 $timelimit
-                    ->setParam('{organizationId}', $project->getAttribute('organizationId'));
+                    ->setParam('{organizationId}', $project->getAttribute('teamId'));
 
                 $abuse = new Abuse($timelimit);
                 if ($abuse->check() && System::getEnv('_APP_OPTIONS_ABUSE', 'enabled') === 'enabled') {
@@ -3582,7 +3582,7 @@ App::post('/v1/account/verification/phone')
             if (isset($plan['authPhone'])) {
                 $timelimit = $timelimit('organization:{organizationId}', $plan['authPhone'], 30 * 24 * 60 * 60); // 30 days
                 $timelimit
-                    ->setParam('{organizationId}', $project->getAttribute('organizationId'));
+                    ->setParam('{organizationId}', $project->getAttribute('teamId'));
 
                 $abuse = new Abuse($timelimit);
                 if ($abuse->check() && System::getEnv('_APP_OPTIONS_ABUSE', 'enabled') === 'enabled') {
@@ -4143,7 +4143,7 @@ App::post('/v1/account/mfa/challenge')
                 if (isset($plan['authPhone'])) {
                     $timelimit = $timelimit('organization:{organizationId}', $plan['authPhone'], 30 * 24 * 60 * 60); // 30 days
                     $timelimit
-                        ->setParam('{organizationId}', $project->getAttribute('organizationId'));
+                        ->setParam('{organizationId}', $project->getAttribute('teamId'));
 
                     $abuse = new Abuse($timelimit);
                     if ($abuse->check() && System::getEnv('_APP_OPTIONS_ABUSE', 'enabled') === 'enabled') {
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index fc9f959ed2..461e90da58 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -701,7 +701,7 @@ App::post('/v1/teams/:teamId/memberships')
                 if (isset($plan['authPhone'])) {
                     $timelimit = $timelimit('organization:{organizationId}', $plan['authPhone'], 30 * 24 * 60 * 60); // 30 days
                     $timelimit
-                        ->setParam('{organizationId}', $project->getAttribute('organizationId'));
+                        ->setParam('{organizationId}', $project->getAttribute('teamId'));
 
                     $abuse = new Abuse($timelimit);
                     if ($abuse->check() && System::getEnv('_APP_OPTIONS_ABUSE', 'enabled') === 'enabled') {