Yes, Facebook compromises your 2FA phone number

jobeard

TS Ambassador
Excerpt: https://techcrunch.com/2018/09/27/yes-facebook-is-using-your-2fa-phone-number-to-target-you-with-ads/

Facebook has confirmed it does in fact use phone numbers that users provided it for security purposes to also target them with ads.

Specifically a phone number handed over for two factor authentication (2FA) —

A spokesman also told us that users can opt out of this ad-based repurposing of their security digits by not using phone number based 2FA. (Albeit, the company only added the ability to do non-mobile phone based 2FA back in May, so anyone before then was all outta luck.)
 

Netfox

TS Enthusiast
Nothing strange. Facebook showed him as a financial organisation already. They collect everything in order to provide you with tons of spammy ads. They have nothing common with privacy! I hope that people will understand it soon and switch to something worthy.
 

jobeard

TS Ambassador
Yet another Facebook problem

NBC is reporting
https://www.nbcnews.com/tech/tech-news/facebook-s-security-flaws-exposed-more-facebook-here-s-what-n915321


SAN FRANCISCO — The security issue Facebook announced on Friday has alarmed researchers who say attackers collected information that not only gave access to sensitive information on Facebook, but also could be used to access many websites that use the social network's "Login with Facebook" function.

Jason Polakis, an assistant professor of computer science at the University of Illinois at Chicago, said Facebook users should check their connected apps for any accounts they had not signed up for.

  • Go to Facebook and click on the arrow in the top right.
  • Click on “Settings” and then on “Apps and Websites.”
  • These are the companies with which your account has been logged in using your Facebook account. If you see any companies you do not recognize, you should report them to Facebook.
  • For companies you did use Facebook’s single sign-on, go to those accounts to see if anything has changed or there was any recent suspicious activity.
  • Keep an eye out for any suspicious activity such as emails from companies that you have not signed up for.


Additionally, Facebook has known and written up Some issues to consider with Single Sign-on.
While you'll have fewer password to remember, there are some things to think about when you use Facebook's Single Sign-on:

  • If you are not logged into Facebook when you attempt to log into another web site using your Facebook account, you will be redirected to the Facebook site to log in. Remember, Facebook handles the username and password credentials for you. Just make sure it really is the Facebook site when you log in.
  • If you borrow someone's computer or use a public computer, always remember to log out of your Facebook account.

You can edit some of the capabilities that a web site has through your Facebook Account Settings:

  • Click on the "triangle" drop-down menu in the upper right portion of the Facebook page.
  • Select "Account Settings". A new page will open.
  • On the upper left portion of the Facebook page you will see a tab called "Applications". Click on it.
  • A list of your allowed applications are presented. Look for the web site that you want to edit. Click the "Edit" word.
  • For the options that say "remove" you can remove that capability for that web site. You can also see what data the web site looked at and when that occurred.
  • To remove the access for the entire web site, click on the "X" icon to the right. A window will open asking you to confirm the removal.

  • This work is licensed under a Creative Commons Attribution-ShareAlike 3.0,
  • Unported (CC BY-SA 3.0) License.