Double Trouble: Two-factor authentication on accounts is misused by Facebook

It started with Cambridge data leak, then users faced token access issue by un-known hackers that logged out 50 million users and as if these troubles were not enough, in-comes another report and Facebook has admitted that too.

A few months ago, Facebook implemented its two-factor authentication method for the platform. Facebook used the 2FA method in order to confirm your identity online by adding another layer of security to your account. It was also considered an easier way to log in by the users of the social media platform.

But last week it was revealed that using this tool for offering a more secure way to log in by users is not just the only reason, there is a lot more to that. For a two-factor authentication, users are required to provide their phone number in order to get a special code through a text message.

This message comes from a particular website, app, or the social network. For confirming the identity, the code is then sent to the website. The number of the users becomes visible to the advertisers that display the relevant online ads in a couple of weeks’ time.

A research was carried out on how the company uses the information that a user never clearly agree to share otherwise. For any targeted advertisement, this is strictly not shared by many of the users. Fortunately, the research caught the attention and made it to a story on Gizmodo. After the issue came to the surface, Facebook admitted that the company has been using the two-factor authentications method for the very purpose.

Using contact’s information for their own purpose is not something new; Facebook has done this before such as using data from a person’s contacts and other apps in their smartphones. Also, many users of the social media platform complained about getting spammed with Facebook notifications on the number that they provided for 2FA.

Although the response by the social media platform stated that it was merely due to a bug. According to the Facebook’s spokesperson, the last thing they want people is to avoid the helpful security features because they fear that the unrelated notifications will be received. The company only repurposes the numbers that are provided to it for security purposes of its marketing practices. It states

“The information that is provided is used in order to provide an improved experience to the platform users. Ads are also included for this purpose. The company surely knows how to use the information that is collected. This involves the contact information that is added or uploaded to personal accounts. Any time the users can manage or delete the contact information that has been uploaded by them”. Facebook spokesperson

The users who don’t want to get notifications, they can opt-out of getting ads on their numbers by not using the security feature of the Facebook.

Facebook Comments