As pointed out by the folks over at TechCrunch, Facebook has now linked the phone numbers that users entered to secure their accounts with two-factor authentication to their profiles, essentially allowing anyone to look those users up by phone number. To make things worse, Facebook is not providing any option to opt out.
See thread! Using security to further weaken privacy is a lousy move—especially since phone numbers can be hijacked to weaken security. Putting people at risk. What say you @facebook? https://t.co/9qKtTodkRD
— zeynep tufekci (@zeynep)
The social media giant admitted last year that it used phone numbers to target users with ads, and now it is letting everyone, with or without a Facebook account, look up a user profile based on the same phone number previously added to their account.
According to a Facebook help article, while users can hide their phone number on their profile, it’s still possible to look up user profiles in other ways, for instance “when someone uploads your contact info to Facebook from their mobile phone”:
Facebook lets users choose who can “look up” their profile using their phone number: “everyone” by default, “friends of friends,” or just the user’s “friends.” But there’s no way to hide it completely.
Security expert and academic Zeynep Tufekci said in a tweet: “Using security to further weaken privacy is a lousy move — especially since phone numbers can be hijacked to weaken security”.
Meanwhile, Facebook spokesperson Jay Nancarrow has said that the settings “are not new” and that “the setting applies to any phone numbers you added to your profile and isn’t specific to any feature”.