Facebook Misuses Phone Numbers Intended for Two-factor Authentication

Facebook has been using the phone numbers that you gave them for two-factor authentication for targeted advertisement behind the scenes.

You might be familiar with two-factor authentication, it’s a way to confirm your identity online and a number of social networks and websites use this method. It adds another layer of security to your account and also makes it easier to log in.

In two-factor authentication or 2FA, users supply their phone number to get a special code via text message from a particular website, app, or social network. That code is then sent to that website, to confirm your identity.

Facebook uses 2FA as well and has been doing so over the years, however, the latest report suggests that the social network has been using your number for more than just adding security to your account.

Only in a couple of weeks’ time, your number becomes available to advertisers to display you relevant online ads, after you supplied it for 2FA.

Facebook, disconcertingly, never disclosed this to its users while asking for their phone numbers.

Two academics at two US-based universities carried out researches that detailed how the company uses information, that the user never explicitly agreed to share, for targeted advertisement. Their research made it to a story on Gizmodo after which Facebook confessed that it really was using 2FA numbers this way.

Facebook – Real-Life Evil Corp?

This isn’t the first time Facebook has used contact details of its users, including information that wasn’t personally provided to the company, such as using data from a person’s contacts and other apps in their smartphones. We already detailed the amount of data Facebook has stored on you, and it’s huge.

Another interesting bit is that Facebook users complained they were getting spammed with Facebook notifications on the number they provided for 2FA.

In response, the social network said that it was merely due to a bug, adding that the last thing they want “is for people to avoid helpful security features because they fear they will receive unrelated notifications”, said Alex Stamos, Facebook’s CSO.


Facebook to Grant $20,000 to 6 Pakistani Community Leaders

Yet again, the CSO failed to disclose the behind-the-scenes story of what else the numbers were being used for, to target ads to its users.

A Facebook spokesperson, when contacted on this matter, said that the company merely “repurposes” the numbers provided to it for security purposes for its marketing practices.

We use the information people provide to offer a better, more personalized experience on Facebook, including ads. We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time.

The spokesperson clarified that users can opt-out of getting ads on their numbers by not using Facebook’s 2FA security feature. That’s a surprising statement, coming from an organization that has been under fire for privacy mismanagement.