The problem here is that users cannot opt out of this feature and anyone with or without an account can look up user profiles just by using their phone numbers. However, it has now been found that Facebook's default settings allow nearly anyone to find a profile by searching the same authentication phone number.
Basically, it allows a user to add their number and then use it to verify every new Facebook login. But this has led to utter chaos, as many users received non-security-related SMS notifications after signing up for the two-factor authentication (2FA) security feature. An employee at the emoji-reference website Emojipedia recently posted a screenshot of the phone number lookup feature, which showed exactly how Facebook is able to collect and use anyone's phone numbers, including those used in two-factor authentication.
Meanwhile, Facebook spokesperson Jay Nancarrow has said that the settings "are not new" and that "the setting applies to any phone numbers you added to your profile and isn't specific to any feature".
Facebook gives you the option to limit how people can search for your profile using your personal information.
Facebook confirmed phone numbers may be used to inform ads personalization. "No other entity does this, it's not industry standard, and of course, is yet another way Facebook compromises user information". Thus you can do multi-factor authentication with Facebook: remove the phone-based 2FA and reactivate it using an authenticator app.
As Burge noted, Facebook offers no way to disable 2FA phone numbers from being searchable.
So, as you can see, it's very hard to avoid giving Facebook your phone number when everyone from advertisers to high school besties can upload it to the social network with a few taps. By default, Facebook wants your number visible, which is a basic but significant privacy bug.
At the beginning of the year, The New York Times reported that Facebook was planning to further integrate the services. "Now it can be searched and there's no way to disable that", Burge added.
"At a time when tighter regulations around data privacy are in the spotlight, allowing anyone to search and connect a phone number to a Facebook account might seem a little out of date", explained Jake Moore, cyber security specialist at ESET.
Facebook "can't credibly require 2FA for high-risk accounts without segmenting that from search and ads", Stamos tweeted.