Facebook Allows Two-Factor Authentication Phone Number Search

Facebook is once again in the spotlight for all the wrong reasons, after it emerged that it exposes users’ phone numbers that have been used to secure their accounts.

The issue in question concerns two-factor authentication. This typically involves sending a text message with a code to a user’s mobile or landline phone, to provide an extra layer of authentication.

But it seems that Facebook actually links this phone number to the user account, and there is no way to stop anyone obtaining this phone number when they “look up” someone’s Facebook profile.

Searchable number

The issue was highlighted in a report by TechCrunch, which pointed to Twitter user Jeremy Burge, who had noted that there was no way to disable the searching of these phone numbers.

“For years Facebook claimed the adding a phone number for 2FA was only for security,” Burge tweeted. “Now it can be searched and there’s no way to disable that.”

Indeed, there seems to be no way to opt out of this: although Facebook does give a person the ability to hide their phone number on their Facebook profile so nobody can see it, the number can still be harvested.

This is because the number is linked to a user account, so when, for example, a user decides to “look up” someone else’s profile, they can obtain the phone number.

There is no way to stop this, but users can stop “everyone” looking up their phone number, and can instead limit it to their immediate friend circle.

Indeed, concerned readers are advised to switch their “look up” settings to “friends only” to try to maintain as much privacy as possible.

And to make matters even worse, Burge pointed out that this data is also shared with WhatsApp and Instagram.

Facebook spokesperson Jay Nancarrow told TechCrunch that the settings “are not new,” adding that, “the setting applies to any phone numbers you added to your profile and isn’t specific to any feature.”

Other media reports last year highlighted that when a user gives Facebook a phone number for two-factor authentication, that number is harvested by advertisers.

It should be remembered that Facebook users do not need to use a phone number to engage two-factor authentication. They can use third-party systems, such as Google Authenticator and Duo Security.

Expert take

So what do security experts make of this development?

Well, at least one expert thinks it is safer to use a third-party authenticator app instead of your phone number.

“At a time when tighter regulations around data privacy are in the spotlight, allowing anyone to search and connect a phone number to a Facebook account might seem a little out of date,” explained Jake Moore, cyber security specialist at ESET.

“Although two-factor authentication is a necessity for individuals in order to help protect their accounts from being hacked, allowing phone numbers to be searched on one of the world’s largest social databases may not be the best idea,” he added.

“Rather than using your phone number for two-factor authentication, it is safer to use an authenticator app which doesn’t send the one time code via SMS, so it protects you and your account even further,” said Moore.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
