Facebook allows anyone to look up users based on their 2FA phone number

Written 2 weeks ago by IanDorfman

Facebook is the subject of yet another privacy controversy today, with multiple people reporting that you cannot stop the social network from doing something rather dubious: you cannot remove the option for others to look up your profile based on the phone number you use for two-factor authentication sign-in. Since two-factor authentication is itself a security measure, there is a tinge of irony in the fact that enabling something to make your account more secure also makes it more susceptible to being discovered by others.

Twitter users Jeremy Burge and Zeynep Tufekci posted their findings on Twitter, showing that the number Facebook assured its users would only be used to enable the additional layer of account security that two-factor authentication provides is now usable to search for you on the social network. The most private setting available restricts lookup to your Facebook friends, but there is no way to eliminate the option completely.

In addition to this lookup feature, Burge shared that Facebook-owned Instagram will also see this number and ask if it is yours when you sign in on the site.

The only feedback that Facebook has given as of this writing is the following statement made by a spokesperson to TechCrunch:
“We appreciate the feedback we’ve received about these settings and will take it into account.”

Further coverage:
Fast Company
Motherboard
TechCrunch