By FnF Correspondent | PUBLISHED: 04, Mar 2019, 19:20 pm IST | UPDATED: 04, Mar 2019, 19:20 pm IST
Delhi: Two-factor authentication(2FA) is an additional layer of security used by many popular apps like Facebook, Instagram, and WhatsApp to ensure that your account is safe from unknown access. While the feature is said to make your account more secure across the web, the case is different for Facebook's 2FA.
According to a new Tech Crunch report, Facebook allows anyone to look up user profiles using the phone number entered for the 2FA. Emojipedia executive Jeremy Burge, who first spotted the flaw, said that Facebook has no option to hide phone number from everyone and this leaves the number exposed to everyone.
For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that," Burge said in his tweet. He also said that Facebook shares the 2FA number with Instagram which automatically prompts a message to confirm your phone number when you link your Instagram to Facebook.
Facebook's 2FA has been under the privacy scanner since last year. Last year there were reports that a number of people were receiving random SMS notifications after giving their phone number for 2FA. Facebook later acknowledged the bug and fixed it. It was later also known that Facebook was using phone numbers to target ads. According to a Gizmodo report, when a user gives his or her phone number for 2FA to Facebook, the phone number is used by advertisers to target ads. A Facebook executive confirmed the website that the company uses information provided by people "to offer a more personalised experience, including showing more relevant ads."