Facebook Isn’t Keeping Your 2FA Phone Number Private

Facebook’s privacy problems never end. The latest edition of Facebook and its poor handling of users’ data involves the phone numbers used to actually protect your Facebook account.

The company lets users enable two-factor authentication to add an extra layer of security to their account using their phone numbers, but that phone number is being used in other ways, too. As first noticed by Twitter user Jeremy Burge, the company is using your 2FA number to let anyone look your account up with your phone number:

https://twitter.com/jeremyburge/status/1101402001907372032

By default, the feature lets anyone search for your account using your phone number, which is a major privacy problem. Just because someone has your phone number does not mean they should be able to look you up on Facebook and find your account, so you can imagine all the different problems surrounding this issue.

And what’s even worse is that Facebook does a poor job of informing users how their 2FA number is used for other parts of the service. Facebook also doesn’t provide users with a way to completely turn off the lookup feature, even though it had said back in 2018 that the feature had been disabled.

A Facebook spokesperson simply told TechCrunch that the feature is not new, and that it affects all other phone numbers that you add to your Facebook account, not just the number you use for 2FA.

Still, Facebook’s ignorance towards features like this just goes to show the company’s view on sensitive user data. It’s almost like the “Facebook doesn’t care about your privacy” idea is becoming more accurate by the month.

Conversation 13 comments

  • Daekar

    04 March, 2019 - 3:26 pm

    It's like they're not even trying.

    It blows my mind people still use this service. There is practically nothing it offers that can't be achieved on other platforms, some of which are FAR more secure and offer more control.

    • mattbg

      Premium Member
      04 March, 2019 - 3:31 pm

      In reply to Daekar:

      Facebook privacy is becoming like Donald Trump in some ways – there's almost no story you can write about Facebook privacy that would surprise anyone anymore.

      I wouldn't be surprised if these stories just fly over the head of anyone that has already decided they'll keep using Facebook. Hopefully if something extremely serious does come about then the media will give it the sustained attention it deserves.

    • hrlngrv

      Premium Member
      04 March, 2019 - 3:40 pm

      In reply to Daekar:

      ". . . some of which are FAR more secure . . ."

      Shouldn't that be most?

      • wright_is

        Premium Member
        05 March, 2019 - 12:46 am

        In reply to hrlngrv:

        Yes, but just not Armour Games, Tinder, Yahoo, AOL, Marriott… The list goes on and on.

  • orbsitron

    04 March, 2019 - 4:09 pm

    mattbg wrote on the "Premium Comments" side, that…

    "…Hopefully if something extremely serious does come about then the media will give it the sustained attention it deserves."

    Matt, while I appreciate what you are saying here – that Facebook is not being scrutinized or held accountable to the degree that they should (and I largely agree with you on that point), the end doesn't justify the means.

    We should _never_ hope something extremely serious happens.

    Instead, I'm hoping a few things:

    1) That the appropriate scrutiny and accountability begin to take place.
    2) Facebook begins to improve their policies and behavior.

    • mattbg

      Premium Member
      04 March, 2019 - 4:15 pm

      In reply to orbsitron:

      I wasn't hoping that something serious would happen. I was hoping that IF something extremely serious happened in relation to Facebook privacy, the media would pay due attention and focus on it for more than a single article squeezed in between stories about the latest Fortnite update.

      Facebook stories seem to come and go. If you blink you might miss it in your news feed. This wasn't always the case, but there are now so many incremental Facebook concerns that it has become this way.

      • wright_is

        Premium Member
        05 March, 2019 - 12:49 am

        In reply to mattbg:

        The problem is, there have been dozens of serious things that have happened in terms of Facebook privacy, but they quickly get swept under the carpet.

        Just look at Max Schrems, when was the last time his cases were even mentioned in the press?

        This phone number 2FA is a clear breach of GDPR, yet it is being handled quietly at the moment.

  • A_lurker

    04 March, 2019 - 8:00 pm

    Just because I have someone's phone number does not mean they want me to have access to their account. There are many reasons why I might have your phone number.

  • kjb434

    Premium Member
    04 March, 2019 - 9:07 pm

    Thank god I never willingly gave them my number or access to my contacts. After uninstalling their apps on all platforms, I found I only look at Facebook through a browser (behind Pi-Hole and Ublock Origin) about once a month.

  • wright_is

    Premium Member
    05 March, 2019 - 12:43 am

    Under GDPR, it is illegal to use the telephone number (or any personal information) for any other purpose than the one that the user explicitly signed up for.

    If the user signed up for 2FA and Facebook is using it to allow people to search for the number and link it to a Facebook account, that is illegal.

    A worse offence would be if they sold the telephone numbers to third parties or for advertising… Oh, wait, they are using it for advertising.

  • locust infested orchard inc

    05 March, 2019 - 6:35 am

    Surely the headline should read, "Facebook isn’t keeping any of their users' private information, private"?

    This news is hardly surprising, for it was only a matter of time before the lack of privacy given to the users' 2FA number surfaced (and other numbers naively divulged by the user to Fakebook, according to a TechCrunch article having been approached by a Fakebook spokesperson).

    It makes me wonder if a similar situation may come to exist with WhatsApp, after Fakebook inevitably commences the loosening of security of the 2014 acquired comms platform.

    Fakebook is essentially imploding from within with its continual desire to make $$$$$ from the selling of users' data.

  • markbyrn

    Premium Member
    05 March, 2019 - 9:01 am

    So if you go to the Contact and Basic Info settings and set each phone number to "only me", somebody can still look it up?

  • Greg Green

    05 March, 2019 - 7:31 pm

    It’s like they’re not even trying. They’re either really clueless or they just don’t care. I have a very low opinion of FB but this still shocks me.

Thurrott © 2024 Thurrott LLC