Facebook users searchable by phone number for two-factor authentication

"For years, Facebook claimed that adding a phone number for 2FA was only for security", Burge tweeted.

For now, if you don't want people to be able to find your Facebook profile using your phone number (or email address), you can limit that setting to just Friends. Facebook sets the phone number lookup setting to "Everyone" by default.

Using phone numbers for two-factor authentication is common online, with users being sent a code via SMS, for instance, to verify that it's really them.

What's even worse is that Facebook does a poor job of informing users how their 2FA number is used for other parts of the service.

"In April 2018, we removed the ability to enter another person's phone number or email address into the Facebook search bar to help find someone's profile", a company spokesperson stated.


The debate over Facebook's real objective in collecting phone numbers started with a tweet from Jeremy Burge, who exposed how the phone number could be used to look up your profile on Facebook. That linking allows anyone to search for a Facebook profile using the phone number. Last May, Facebook eliminated the requirement that you set up two-factor authentication via the addition of a phone number. What's going on here, in other words, is that once you do add a number, it opens up a variety of ways for Facebook to use it. For example, users could upload their mobile phone contacts to Facebook to search for friends or message a phone number on the Messenger app. After adding the number, Burge was unable to hide it, and it can be searched.

Facebook is leaving no stone unturned to monetize its users; it even misused the phone numbers its users shared for security. The company uses that unique ID, since it's tied to you, and can use it to sell ads, much as it does with everything else it knows about you.

To cap it off, Burge suggests this new reliance on the phone number is Facebook's reaction to data regulations like GDPR.

Academics and privacy experts have slammed Facebook for a move that could put users at greater risk despite its promise of heightened security. Somewhat ironically, the newest controversy surrounding Facebook's dubious practices focuses on something that's not entirely new.

Under "Added Security", click to remove your phone number. Before then, a phone number was the only mandatory option. Two-factor authentication (2FA) is in itself a great way to ensure that someone trying to hack you needs to clear several hurdles before doing so, but Facebook seems to have an ulterior motive for pushing you to better protect your account.
