Facebook is facing backlash over its secure login process two-factor authentication (2FA) where it asked users to add phone numbers, which can be searched by advertisers.
The security feature – meant solely to authenticate your identity on the social media platform – may have left your phone number open for others to see, even to advertisers to bombard you with their ads, USA Today reported on Monday.
The debate was initiated by Jeremy Burge, who runs the website Emojipedia, saying numbers added to use two-factor authentication were now searchable.
“Facebook 2FA numbers are also shared with Instagram which prompts you ‘is this your phone number?’ once you add to FB. WhatsApp also shares phone numbers with Facebook. Facebook shares phone numbers with advertisers,” said Burge in a series of tweets.
“For years Facebook claimed…adding a phone number for 2FA was only for security. Now it can be searched and there’s no way to disable that,” Burge added.
Last September, Gizmodo reported that Facebook also uses security information to target adverts. In a statement to the Guardian, Facebook said it has been receiving questions about two-factor authentication and phone number settings on Facebook.
“Two-factor authentication is an important security feature, and last year we added the option to set it up for your account without registering a phone number. Separately, the ‘Who can look me up?’ settings are not new and are not specific to two-factor authentication, a the statement read.
“In April 2018, we removed the ability to enter another person’s phone number or email address into the Facebook search bar to help find someone’s profile.”
The 2FA security practice also drew criticism from Facebook’s former chief information security officer Alex Stamos.
Facebook “can’t credibly require 2FA for high-risk accounts without segmenting that from search and ads”, Stamos tweeted.