Facebook secretly allows you to be looked up via your 2FA phone number and you can't opt out

WTF?! Facebook is using the phone numbers they collect via two-factor authentication to serve ads, and now it turns out you can't opt out of the service once you've opted in. Additionally, Facebook is using the phone numbers as a "unique identifier," allowing everyone with an account to look up any user by their phone number. These uses of the data they collected under the guise of 2FA are sketchy at best, and nefarious at worst, and the company has once again come under fire for its data collection and security practices.

Facebook has already admitted to using phone numbers collected under the guise of two-factor authentication in order to target ads, and now it turns out you can't opt out of the service once you're committed.

Two-factor authentication, or 2FA, is used to secure Facebook accounts by requiring a user to either answer a prompt on their phone or input a code texted to them when they log into the site from a new device or unrecognized browser. When Facebook originally rolled out 2FA, there was no indication that the phone numbers they were collecting would be used for advertising or tied to a user's profile.

As it turns out, Facebook's default setting allows anyone to look up your profile using your phone number, even if you only used it for 2FA and never actually added it to your profile.

Emoji historian (yes, that's his real occupation) Jeremy Burge sounded the alarm on Twitter after noticing that the setting to allow people to look up users via their phone number was set to "everyone" by default.

For years Facebook claimed that adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that. pic.twitter.com/zpYhuwADMS

— Jeremy Burge (@jeremyburge)

To disable the phone number look-up feature, open the Facebook menu and select "settings." From there, click on the "privacy" tab and you'll find the setting in question under the "how people find and contact you" banner.

This is only one example of many when it comes to potentially nefarious uses of your data by Facebook. In addition to illegally collecting data from many popular Android apps, other sketchy behavior includes disabling logging out of Messenger, the merging of messaging platforms even across apps they don't own, and massive data leaks of sensitive user information.
