Facebook has recently agreed to stop using phone numbers to recommend friends that are fed into Facebook’s two-factor authentication system. In 2018, it was revealed that Facebook uses phone numbers that user’s have updated on Facebook for the two-step verification process. As reported by Reuters, Facebook stops using phone numbers provided for security reasons and this will come into full effect globally, by next year.
As it is already known, nowadays, most sites are using two-factor authentication to trigger OTP generation and redirect it to the phone numbers of the users to secure their social accounts and merchant site accounts from getting hacked easily.
But it was brought to light last year that Facebook was utilizing these contact numbers to power their “People You May Know” feature. This feature is designed to identify and make Facebook recommendations whom you might want to add to your Facebook friends list.
This feature usually functions in the following way to track down users who might be known to you:
- It will suggest those people in the feed with whom you have many mutual friends on Facebook’s platform.
- It will also suggest people with whom you have been tagged in photos.
- It will also suggest those Facebook users with whom you share a common group or network like school, college, or workplace.
- But it is not just limited to the above-described ways. Additionally, Facebook also identifies people who have saved your phone number in their contacts list. It is a two-way process in which it first identifies your contacts by accessing the address book of your phone. Secondly, it detects which of those people have your phone number saved with them, and then, it updates the feed of your account accordingly to make relevant Facebook friend’s suggestions.
Last year, security researchers and privacy advocates slammed Facebook for using the phone numbers deceptively. They also pointed out that this would decrease the faith of people in the two-step verification process, as many might even refrain from using it in the fear of exposing their phone number.
Facebook has been charged by the US Federal Trade Commission (FTC), a $5bn settlement amount. Facebook agreed to stop using member’s security phone numbers for suggesting friends in Cambodia, Ethiopia, Libya, Pakistan, and Ecuador in the upcoming few days. The global implementation is completed by 2020.
For those who already have the two-factor authentication in effect, they would have to disable it and then erase their phone numbers from the Facebook account. Then, they would need to set it up again to only make the two-factor authentication feature functional.
Another recent report from Comparitech and security researcher Bob Diachenko revealed another data breach incident associated with Facebook. User Ids, phone numbers, and names of 267 million Facebook users have been recently discovered online on a database which was estimated to have remained exposed for two weeks before it was detected by researchers.
This is reported to be a freely accessible database from where the numbers and names of those unfortunate Facebook customers could be retrieved and used for sending spam SMS and phishing messages. Apparently, the personal data of those users have also been posted on the hacker forum for downloading purposes.
Facebook has issued a statement saying, “We are looking into the matter but believe that this could be a previously obtained information before we made changes to enhance data privacy on Facebook.”
For users who have public profiles, they can turn on privacy settings to safeguard their data until such issues are resolved for once and all.