Facebook Allows Two-Factor Authentication Phone Number Search

Facebook is once again in the spotlight for all the wrong reasons, after it emerged that it exposes users’ phone numbers that have been used to secure their accounts.

The issue in question concerns two-factor authentication. This typically involves sending a text message with a code to a user’s mobile or landline phone, to provide an extra layer of authentication.

But it seems that Facebook actually links this phone number to the user account, and there is no way to stop anyone obtaining this phone number when they “look up” someone’s Facebook profile.

Searchable number

The issue was highlighted in a report by TechCrunch, which cited Twitter user Jeremy Burge, who had pointed out there was no way to disable the searching of these phone numbers.

“For years Facebook claimed that adding a phone number for 2FA was only for security,” Burge tweeted. “Now it can be searched and there’s no way to disable that.”

Indeed, there seems to be no way to opt out of this: although Facebook does give a person the ability to hide their phone number on their Facebook profile so nobody can see it, the number can still be harvested.

This is because the number is linked to a user account, so when, for example, a user decides to “look up” someone else’s profile, they can obtain the phone number.

There is no way to stop this entirely, but users can stop “everyone” looking up their phone number, and can instead limit it to their immediate friend circle.

Indeed, concerned readers are advised to switch their “look up” settings to “friends only” to try to maintain as much privacy as possible.

And to make matters even worse, Burge also pointed out that this data is shared with WhatsApp and Instagram.

Facebook spokesperson Jay Nancarrow told TechCrunch that the settings “are not new,” adding that, “the setting applies to any phone numbers you added to your profile and isn’t specific to any feature.”

Other media reports last year highlighted that when a user gives Facebook a phone number for two-factor authentication, that number is harvested by advertisers.

It should be remembered that Facebook users do not need to use a phone number to engage two-factor authentication. They can use third-party systems, such as Google Authenticator and Duo Security.

Expert take

So what do security experts make of this development?

Well, at least one expert thinks it is safer to use a third-party authenticator app instead of your phone number.

“At a time when tighter regulations around data privacy are in the spotlight, allowing anyone to search and connect a phone number to a Facebook account might seem a little out of date,” explained Jake Moore, cyber security specialist at ESET.

“Although two-factor authentication is a necessity for individuals in order to help protect their accounts from being hacked, allowing phone numbers to be searched on one of the world’s largest social databases may not be the best idea,” he added.

“Rather than using your phone number for two-factor authentication, it is safer to use an authenticator app which doesn’t send the one time code via SMS, so it protects you and your account even further,” said Moore.

Tom Jowitt
