Facebook secretly allows you to be looked up via your 2FA phone number and you can't opt out

Just another in a long line of sketchy data practices by the social media giant

By Dean Pennington March 4, 2019, 10:23 11 comments

Facebook secretly allows you to be looked up via your 2FA phone number and you can't opt out

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

WTF?! Facebook is using the phone numbers they collect via two-factor authentication to serve ads, and now it turns out you can't opt out of the service once you've opted in. Additionally, Facebook is using the phone numbers as a "unique identifier," allowing everyone with an account to look up any user by their phone number. These uses of the data they collected under the guise of 2FA is sketchy at best, and nefarious at worse, and the company has once again come under fire for its data collection and security practices.

Facebook has already admitted to using phone numbers collected under the guise of two-factor authentication in order to target ads, and now it turns out you can't opt-out of the service once you're committed.

Two-factor authentication, or 2FA, is used to secure Facebook accounts by requiring a user to either answer a prompt on their phone or input a code texted to them when they log into the site from a new device or unrecognized browser. When Facebook originally rolled out 2FA, there was no indication that the phone numbers they were collecting would be used for advertising or tied to a user's profile.

As it turns out, Facebook's default setting allows anyone to look up your profile using your phone number, even if you only used it for 2FA and never actually added it to your profile.

Emoji historian (yes, that's his real occupation) Jeremy Burge sounded the alarm on Twitter after noticing that the setting to allow people to look up users via their phone number was set to "everyone" by default.

For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that. pic.twitter.com/zpYhuwADMS
--- Jeremy Burge (@jeremyburge) March 1, 2019

To disable the phone number look-up feature, open the Facebook menu and select "settings." From there, click on the "privacy" tab and you'll find the setting in question under the "how people find and contact you" banner.

This is only one example of many when it comes to potentially nefarious uses of your data by Facebook. In addition to illegally collecting data from many popular Android apps, other sketchy behavior includes disabling logging out of Messenger, the merging of messaging platforms even across apps they don't own, and massive data leaks of sensitive user information.

11 comments 771 likes and shares

Tech Jobs: Find the next step in your career

Related Stories

Featured on TechSpot