Facebook Isn't Keeping Your 2FA Phone Number Private

Facebook on mobile in pocket

Facebook Isn't Keeping Your 2FA Phone Number Private

This week's wave of criticism was sparked by Jeremy Burge, the editor of emoji reference site Emojipedia.

"Today, the 'Who can look me up?' settings control how your phone number or email address can be used to look you up in other ways, such as when someone uploads your contact info to Facebook from their mobile phone", a Facebook spokesperson explained to The Register on Monday in an email. Then click "Who can look you up using the phone number you provided?" and change the dropdown box from "Everyone" to "Friends". One option that's not present, though, is the ability to select "no one" - which would of course prevent anyone from looking you up by your phone number, potentially tying your number to your actual Facebook profile for anyone who wants to search for it. All you can do is restrict the information to the eyes of your Facebook "friends" or "friends of friends" rather than "everyone".

For years Facebook claimed the adding a phone number for 2FA was only for security.

But by signing up to the feature, a user's phone number becomes linked to their profile.

Users are only given three options: Everyone, Friends of friends, and Friends. Last year, it was discovered that the social network was allowing advertisers to target users by uploading information which Facebook could match against a phone number.

Dailymail.com has reached out to Facebook for comment.

'Now it can be searched and there's no way to disable that'. Burge goes on to point out in a later tweet that the 2FA phone number is also shared with Instagram and triggers a prompt asking "is this your phone number?" when you first add it to Facebook. And, you can't opt-out. Worse, Burge says there's no way to turn it off. Two-factor or 2FA authentication in itself is a great way to ensure someone trying to hack you needs to clear several hurdles before doing so, but Facebook seems to have an ulterior motive for pushing you to better protect your account.

Not mentioned on its help page is the fact that Facebook uses phone numbers for advertising.

'It was shown for MONTHS before a link was added in September 2018 clarifying "actually we'll use this wherever we damn well please"'.

Since 2011, Facebook has asked users for their phone numbers in order to enable "two-factor authentication", a common account security feature that sends a text message whenever a login is attempted.

Latest News