Facebook mobile security loophole lets anyone look up your profile

Joanna Estrada
March 4, 2019

The issue is with Facebook's two-factor authentication tool which allows users to login securely by verifying their identity using a code sent to their smartphone.

Facebook's use of user phone numbers came back into the limelight this week, as many users realized that their account was still discoverable by people searching with their phone number.

Ironically, Facebook's Two-factor authentication does more harm than good.

For years Facebook claimed the adding a phone number for 2FA was only for security.

In other words, people can search for your phone number on Facebook and associate that to your name and other information, even though the goal for which you shared your number with Facebook in the first place was entirely different.

You may well have opted to maintain an element of privacy by omitting personal information such as your address and phone number from your profile. The most you can now do is limit who can look you up with the phone number you provided to "Friends", but you can't hide it entirely.

"I'm usually one to give benefit of the doubt", Burge said, "but it's so clear Facebook sees phone number as the way to unify its data sets (FB: email, Insta: username, WhatsApp: phone #) and this sort of thing only gives them less credibility when it comes to ever providing a number".

Others joined in the criticism. While it is not the only way to pursue the Two-factor authentication, most of us follow the above way. Last year, the company had pestered users into registering their phone numbers for two-factor authentication.

Worse still is the fact that this option is set to "everyone" by default.

A reporter with The Telegraph was alarmed when her profile could be searched using her phone number which she had never given to Facebook.

Facebook responded to TechCrunch with regards to the look up setting, with spokesperson Jay Nancarrow stating, "the setting applies to any phone numbers you added to your profile and isn't specific to any feature" and that the settings, "are not new". Facebook also acknowledged the concern by stating, "We appreciate the feedback we've received about these settings and will take it into account".

Other reports by Click Lancashire

Discuss This Article