Facebook is slammed for ‘unconscionable’ security risks after it’s revealed profiles can be looked up using the phone number you use ONLY for two-factor authentication
- Emojipedia founder Jeremy Burge revealed you can be searched by 2FA number
- This is the phone number provided to Facebook for two-factor authentication
- Though it’s intended to make profile secure, experts say this use increases risks
- Facebook makes profiles searchable by email and phone number even if hidden
- Facebook came under fire last year for using 2FA numbers for ad-targeting
Facebook has once again come under fire for its questionable uses of personal information.
A tweet posted this weekend by Emojipedia founder Jeremy Burge revealed a worrying method for looking up specific profiles that most users are unaware of: the phone number you provided for two-factor authentication.
Facebook allows people to search for profiles using phone numbers linked to a particular account, even if you’ve chosen to hide this information from the public. Profiles can also be searched by phone number in the Messenger app.
But, it was not previously clear that this also includes numbers provided to the site only for security reasons.
The shocking revelation comes months after Facebook admitted it was using these phone numbers for targeted ads.
A tweet posted this weekend by Emojipedia founder Jeremy Burge revealed a worrying method for looking up specific profiles that most users are unaware of: the phone number you provided for two-factor authentication
HOW CAN PEOPLE SEARCH FOR YOU?
Facebook gives you the option to limit how people can search for your profile using your personal information.
But, you can’t opt out entirely.
Even if you have your phone number or email address hidden from your profile, these can be used to look you up.
Users are given three options for who can search with this information: Everyone, Friends of friends, and Friends.
In a shocking revelation shared to Twitter in March, Emojipedia founder Jeremy Burge discovered the searchable phone number also includes numbers used only for two-factor authentication.
While Facebook users can limit who is able to search for their profiles using a phone number, you can’t opt out of it entirely.
Users are only given three options: Everyone, Friends of friends, and Friends.
Even for those aware of the ability to look up Facebook users by searching a phone number, it’s come as a shock to find out this also includes the phone numbers in some cases given only for account security.
Dailymail.com has reached out to Facebook for comment.
‘For years Facebook claimed the adding a phone number for 2FA [two-factor authentication] was only for security,’ Burge tweeted.
‘Now it can be searched and there’s no way to disable that.’
‘Facebook 2FA numbers are also shared with Instagram which prompts you “is this your phone number?” once you add to FB,’ Burge added.
-
Three new species of mammal that lived 300 years ago are…
How to access Facebook’s secret ‘Dark Mode’: Firm launches…
‘Elixir of immortality’ is discovered in China for the first…
Destroying life-ending asteroids headed for Earth will be…
Share this article
Facebook allows people to search for profiles using phone numbers linked to a particular account, even if you’ve chosen to hide this information from the public. Profiles can also be searched by phone number in the Messenger app. And, you can’t opt-out.
While Facebook users can limit who is able to search for their profiles using a phone number, you can’t prevent it entirely. Users are only given three options: Everyone, Friends of friends, and Friends
To make matters worse, Burge claims users were not initially told that their phone number could be used for anything other than security purposes.
A screenshot of the two-factor authentication prompt states: ‘Add your phone number to help secure your account and more.’
But according to Burge, this addendum only came within the last few months.
‘The original FB phone number prompt never mentioned “and more,” Burge adds.
‘It was shown for MONTHS before a link was added in September 2018 clarifying “actually we’ll use this wherever we damn well please.”’
Many Facebook users were reluctant to use their phone number for two-factor authentication, despite the firm’s insistence – a concern that further deepened amid numerous data scandals and reports from users who were sent ‘non-security related’ texts after signing up for the feature.
Security experts have slammed Facebook for a move that could put users at greater risk despite its promise of heightened security
Even for those aware of the ability to look up Facebook users by searching a phone number, it’s come as a shock to find out this also includes the phone numbers in some cases given only for account security
The firm introduced a way to use third-party authentication apps in lieu of phone numbers in May 2018. Before then, a phone number was the only mandatory option.
Academics and privacy experts have slammed Facebook for a move that could put users at greater risk despite its promise of heightened security.
‘Using security to further weaken privacy is a lousy move—especially since phone numbers can be hijacked to weaken security,’ tweeted Dr Zeynep Tufecki, a security researcher and columnist for the New York Times.
‘Phone number is such a private, important security link. But Facebook will even let you be targeted for ads through phone numbers INCLUDING THOSE PROVIDED *ONLY* FOR SECOND FACTOR AUTHENTICATION,’ Tufecki added in a follow-up tweet.
‘Messing with 2FA is the anti-vaccination misinformation of security. Unconscionable.’
Source: Read Full Article