Facebook Uses Two-Factor Authentication Phone Numbers to Help Users Find You

Share

Facebook allows people to search for profiles using phone numbers linked to a particular account, even if you've chosen to hide this information from the public.

What remains is that Facebook will use submitted phone numbers to suggest friend connections for those upload related contact information, even if that friend only provided the phone number for 2FA account security.

Outrage over Facebook's phone-number slurping was sparked on Friday by Emojipedia founder Jeremy Burge, who publicly criticized Mark Zuckerberg's information-harvesting operation for making users searchable via phone numbers submitted for the ostensible objective of account security.

In response to the growing outrage over Facebook's latest data misuse scandal, a company spokesperson told TechCrunch, "We appreciate the feedback we've received about these settings and will take it into account". The default setting is "everyone", but you can change that to "friends of friends" or just "friends".

As SMS become the more convenient method of adapting to 2FA, companies ranging from social media platforms to telcoms have started exploiting phone numbers for search and ads and it's imperative to switch to Authenticator apps - the true 2-factor authentication. And remember, by default Facebook allows the whole world to find out who you are by entering your phone number.

A reporter with The Telegraph was alarmed when her profile could be searched using her phone number which she had never given to Facebook. "Now it can be searched and there's no way to disable that".

No quick fix for Brendan Rodgers as Leicester lost to Watford
He spoke enthusiastically about a "fantastic group of players" with a great ... I was pleased despite not getting the result.

OR man Jeremy Taylor survives snowstorm by eating hot sauce
On Sunday, February 24 , outdoorsman Jeremy Taylor filled up his Toyota 4Runner with gas, and set off into the OR snow. Authorities said that he tried to hike out, but the snow was too deep, so he returned to the auto with his dog.

State of emergency declared for 5 flooded counties in Northern California
The river crested at 45.38 feet, the National Weather Service said, announcing preliminary results Thursday morning. Mud-covered refrigerators, display cases and food crates were strewn about by 6-foot-high (2 meters) murky water.

Now it seems, the use of phone numbers is being extended to help others find you on the network and Facebook won't allow you to stop it happening.

Facebook also apparently shares numbers used for 2FA with its other services.

In a statement, Facebook addressed some of Burge's criticisms: "We've been hearing questions about two-factor authentication and phone number settings on Facebook".

This one has to do with the social network calling on users to secure their accounts with a phone number for additional two-factor authentication protection.

"This isn't a mistake now, this is clearly an intentional product choice", he said via Twitter, adding that Facebook needs someone in the product design chain advocating for security.

For all the privacy concerns and data breaches that have risen around Facebook in recent years, it's easy to forget the smaller instances of data vulnerability built into the foundation of user profiles. FB can't credibly require 2FA for high-risk accounts without segmenting that from search & ads.

Share