Facebook Accused of Misusing Phone Numbers

Facebook users have found that a phone number they added to their account for the sole purpose of two-factor authentication can be used to look up their account by advertisers and strangers.

• By Sydny Shepard
• Mar 06, 2019

Two-factor authentication is becoming more common with the accounts that we use every day, especially our social media accounts. This two-factor authentication is supposed to be used to ensure the security and privacy of your data, but what if that phone number was being used to find you?

That's exactly what Jeremy Burge, founder of Emojipedia, tweeted on Friday. His tweets shoulder that people can find your Facebook profile using the phone number users input for two-factor authentication. The worst part, Burge said, is that you can't opt out.

This comes almost a year after Facebook said it stopped allowing people to search for profiles by phone numbers, and about five months after Gizmodo found that the phone number being used for two-factor authentication was also being provided to advertisers for targeted posts.

The tying of users' phone numbers with targeted advertising and searches puts security and privacy at odds, according to CNET, potentially driving people away from an important feature that protects user accounts from takeovers.

In a tweet from Alex Stamos, Facebook's former chief information officer, Stamos explained that Facebook "can't credibly require 2FA for high-risk accounts without segmenting that from search & ads." 

The company acknowledged the issue, but declined to say whether it planned on keeping two-factor authentication phone numbers and search separated.