Facebook Lets Anyone View Your Profile Using Your Phone Number

James Marshall
March 5, 2019

According to Alex Stamos, Facebook's former chief security officer, the antisocial network at one point planned to segregate phone numbers provided for 2FA from phone numbers provided for other purposes, but that now no longer seems to be the case. Last year, it was discovered that the social network was allowing advertisers to target users by uploading information which Facebook could match against a phone number.

Twitter user Jeremy Burge pointed out, in a thread, that phone numbers could be searched, with "no way to disable" the feature. Worse, Burge says there's no way to turn it off. And now, as security researcher and New York Times columnist Zeynep Tufekci, Facebook is using users' security phone numbers to allow anyone-even people without a Facebook account-to look up a user by their phone number.

A reporter with The Telegraph was alarmed when her profile could be searched using her phone number which she had never given to Facebook. While it is not the only way to pursue the Two-factor authentication, most of us follow the above way.

The news comes from Jeremy Burge, the man behind Emojipedia.

The firm introduced a way to use third-party authentication apps in lieu of phone numbers in May 2018.

The other icky thing about this is that, again via a confirmation to TechCrunch, Facebook has acknowledged that it does use phone numbers provided for two-factor authentication to also improve its user ad targeting. Don't confuse what's going on here with hiding your phone number from your profile, that still won't prevent people from searching for you using your number.

Facebook a year ago amended its solicitation to submit a phone number with a link explaining that the number would be used for other purposes.

As SMS become the more convenient method of adapting to 2FA, companies ranging from social media platforms to telcoms have started exploiting phone numbers for search and ads and it's imperative to switch to Authenticator apps - the true 2-factor authentication.

To be fair, though, anyone who's upset by this should be aware that Facebook very likely already had their number anyway, via the way it builds out its trove of connections between users - the way, for example, your friends may have uploaded their contacts, including you in that pile.

The company lets users enable two-factor authentication to add an extra layer of security to their account using their phone numbers, but that phone number is being used in other ways, too.

Other reports by

Discuss This Article