OK, when you saw that little request from Facebook, to give them your telephone number (purely for security reasons,) you thought “They say they will not share the info, but this is Facebook, an organisation that has never knowingly told the public the truth. They’re having a laugh aren’t they?
Well no they weren’t, the world’s biggest and possibly most successful criminal organisation were scamming to into giving information they could sell to telephone sales companies who cold call and con old ladies and vulnerable people into buying crap they don’t want.
A group of academic researchers from Northeastern University and Princeton University, along with Gizmodo reporters, have run tests and gathered empirical evidence to demonstrate how Facebook’s latest deceptive practice works. They found that Facebook harvests user phone numbers for targeted advertising in two disturbing ways: two-factor authentication (2FA) phone numbers, and “shadow” contact information.
First, when a user gives Facebook their number for security purposes—to set up 2FA, or to receive alerts about new logins to their account—that phone number can become fair game for advertisers within weeks. (This is not the first time Facebook has misused 2FA phone numbers.)
But the important message for users is: this is not a reason to turn off or avoid 2FA. The problem is not with two-factor authentication. It’s not even a problem with the inherent weaknesses of SMS-based 2FA in particular. Instead, this is a problem with how Facebook has handled users’ information and violated their reasonable security and privacy expectations.