Click to Skip Ad
Closing in...

Facebook isn’t doing a great job protecting the phone number you gave it

Published Mar 4th, 2019 9:03PM EST
Facebook 2FA phone numbers
Image: LODI Franck/SIPA/Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Well, we all should have seen this coming. Facebook is under fire again for arguably misusing user data, this time related to the phone numbers that many of us provided as a way of adding a two-factor authentication layer to our profiles.

The problem is that Facebook is apparently using those phone numbers for the purpose we intended (account security), but also, well, for other things. Jeremy Burge, who runs the Emojipedia website, called attention to this in a series of tweets in recent days in which he notes that you can now apparently search user profiles via the phone numbers users have provided — and that there seems to be no way for users to tell Facebook to not allow this.

In one of his tweets, Jeremy includes a menu of options from Facebook showing that users do have some choices about who’s allowed to look them up by their phone numbers. For example, you can allow “everyone,” “friends” or “friends of friends.” One option that’s not present, though, is the ability to select “no one” — which would of course prevent anyone from looking you up by your phone number, potentially tying your number to your actual Facebook profile for anyone who wants to search for it.

Here’s Facebook’s former chief security officer weighing in on this issue:

https://twitter.com/alexstamos/status/1101963987602690048

Facebook offered a response about this to TechCrunch, explaining that choosing who can look you up by your phone number isn’t a new setting. Last May, Facebook eliminated the requirement that you set up two-factor authentication via the addition of a phone number — so what’s going on here, in other words, is that once you do add a number, it opens up a variety of ways for Facebook to use it. To be fair, though, anyone who’s upset by this should be aware that Facebook very likely already had their number anyway, via the way it builds out its trove of connections between users — the way, for example, your friends may have uploaded their contacts, including you in that pile.

The other icky thing about this is that, again via a confirmation to TechCrunch, Facebook has acknowledged that it does use phone numbers provided for two-factor authentication to also improve its user ad targeting. The great money-making engine of advertising, in other words, is apparently too important to let a thing like a user’s protectiveness of their phone number get in the way.

Andy Meek Trending News Editor

Andy Meek is a reporter based in Memphis who has covered media, entertainment, and culture for over 20 years. His work has appeared in outlets including The Guardian, Forbes, and The Financial Times, and he’s written for BGR since 2015. Andy's coverage includes technology and entertainment, and he has a particular interest in all things streaming.

Over the years, he’s interviewed legendary figures in entertainment and tech that range from Stan Lee to John McAfee, Peter Thiel, and Reed Hastings.