If you've added your phone number to Facebook for 2FA security, it can be used to search for you

Facebook on mobile in pocket

Facebook has been encouraging users to enable two-factor authentication to boost the security of their accounts, but it turns out that there's a slightly sinister side to this feature.

You may well have opted to maintain an element of privacy by omitting personal information such as your address and phone number from your profile. But if you've used your mobile number to secure your account with 2FA, even if it is not visible to others, it can still be used to search for you -- and there is no way to opt out of this.

See also:

The point of 2FA is to increase security, so that this privacy hole exists is more than a little troubling. By default, once your mobile number has been added to your account for two-factor authentication purposes, Facebook enables anyone to search for you using it.

While it is possible to take the setting down a couple of notches so only friends, or friends of friends, can search for you in this way, there is no way to disable it entirely. Most people will be completely unaware that Facebook allows private data to be used in this way, and the default setting that is put in place is something that many will be uncomfortable with.

The issue was brought to light on Twitter by Jeremy Burge from Emojipedia:

Burge went on to point out that phone number information is also shared with other Facebook services and advertisers:

He has some simple advice for Facebook users: "TL;DR: Login-with-Phone-Number is the new Login-with-Facebook. Easy to track, shared between services, it's the key to invisible mesh of your data. Don't do it."

It is certainly concerning that a phone number handed over in the name of security could be used for other things, but Facebook says that the settings highlighted "are nothing new", telling TechCrunch that "the setting applies to any phone numbers you added to your profile and isn't specific to any feature".

It is possible to set up 2FA without using a phone number, but this is the most popular, obvious and convenient route taken by users. Facebook says that the search-by-mobile-number option makes it easier to track down people you are not yet friends with on the social network, seemingly oblivious to the fact that this is precisely the point of concern. TechCrunch asked the company if an opt-out option would be added in light of the concern that had been voiced, but Facebook refused to comment on future plans.

Image credit: Anton Garin / Shutterstock

15 Responses to If you've added your phone number to Facebook for 2FA security, it can be used to search for you

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.