Facebook has once again landed itself in hot water, and this time for turning a privacy-centric feature like two-factor authentication (2FA) into a snooping tool. As per a Techcrunch report, users have complained that anyone can “look up” their account because they used their phone number to enable 2FA for safeguarding their accounts. For someone who doesn’t want to be found using their phone number, this is bad news since there is no option to even disable it or opt out. The default setting by Facebook enables everyone, even those who do not have a Facebook account, to find people by searching via phone number and this is possible even if someone has hidden their number on their profile.
This comes after Gizmodo last year reported that once a user uses their phone number for 2FA on Facebook, it “became targetable by an advertiser within a couple of weeks.” While there is an option to set up 2FA using third-party authenticator apps, there is no option to opt out in case you have set up 2FA on Facebook using your number as the visibility option can only be set between Friends, Friends of friends or Everyone. Facebook spokesperson Jay Nancarrow told TechCrunch that the settings “are not new,” adding that, “the setting applies to any phone numbers you added to your profile and isn’t specific to any feature.”
This is not the first time Facebook has messed up when it comes to privacy as a recent privacy bug on Facebook made private posts of around 14 million users public. The social media platform was also previously reported to have shared users personal data with 60 smartphone makers, including four China-based companies. Facebook accepted that it had shared data with Huawei, Lenovo, Oppo and TCL.