Follow us:
  1. Home
  2. News
  3. Cybersecurity News

Facebook hit with criticism over handling of two-factor authentication data

The platform’s security mechanism doesn’t allow users to opt out of being looked up by their phone number

Photo (c) SasinParaksa - Getty Images
Twitter user Jeremy Burge, who runs the website Emojipedia, recently discovered that Facebook users cannot opt out of letting others “look up” their account using the phone number they provided for two-factor authentication (2FA), TechCrunch reports.

Facebook users have been urged to provide their phone number as a way to make it more difficult for unauthorized parties to log in to their account. However, the recent discovery has only intensified concerns stemming from the way Facebook handles user data.

"Facebook 2FA numbers are also shared with Instagram which prompts you 'is this your phone number?' once you add to FB. WhatsApp also shares phone numbers with Facebook. Facebook shares phone numbers with advertisers," Burge wrote in a series of tweets.

"For years Facebook claimed... adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that," Burge added.

“We appreciate the feedback we’ve received about these settings and will take it into account,” a company spokesperson told TechCrunch. Facebook didn’t state whether it plans to change the controversial practice in the future.

Facebook’s latest privacy issue

Although Facebook users cannot hide their phone number completely from other users, its visibility can be hidden from public view by going into the “Settings,” then clicking “Privacy,” then “How People Find and Contact You.” From there, click “Who can look you up using the phone number you provided?” and change the dropdown box from “Everyone” to “Friends.”

The recent discovery regarding Facebook’s handling of users’ phone numbers is just the latest in a string of data-privacy scandals that have rocked the company in recent years.

Last March, the company revealed that personal information on millions of users had fallen into the hands of a political marketing firm called Cambridge Analytica. In October, Facebook announced that a security breach compromised about 30 million login credentials.  

Alex Stamos, Facebook’s former chief security officer, chimed in on the latest privacy concern on Twitter, writing, “there was supposed to be a big project to segregate numbers” while he was there, but ultimately that project didn’t happen.

“This isn’t a mistake now, this is clearly an intentional product choice,” he tweeted.

Take an Identity Theft Quiz

Get matched with an Authorized Partner

    Share your comments