Enabling two-factor authentication (2FA) with your phone number would seem like a given for anyone concerned about their online security and privacy. But Facebook has found a way to use even that against its users.
Users are complaining that the phone number Facebook hassled them to use to secure their account with two-factor authentication has also been associated with their user profile—which anyone can use to “look up” their profile.
Worse, Facebook doesn’t give you an option to opt-out.
Last year, Facebook was forced to admit that after months of pestering its users to switch on two-factor by signing up their phone number, it was also using those phone numbers to target users with ads. But some users are finding out just now that Facebook’s default setting allows everyone—with or without an account—to look up a user profile based off the same phone number previously added to their account.