Facebook’s been using your two-factor authentication phone number for ad targeting

Facebook 2FA

Following a Gizmodo report this week alleging Facebook is giving advertisers access to your shadow contact information, the firm’s confirmed that it’s been using the phone number registered with their two-factor authentication (2FA) system in order to target you with ads.

Alex Stamos, Facebook’s former security chief, said in a blog post a few months ago that a bug led to some folks getting spammed with notifications to the number they provided for 2FA.

Stamos apologized to the affected customers, saying “it was not our intention to send non-security-related SMS notifications to these phone numbers, and I am sorry for any inconvenience these messages might have caused.”

“We are working to ensure that people who sign up for two-factor authentication won’t receive non-security-related notifications from us unless they specifically choose to receive them, and the same will be true for those who signed up in the past,” he wrote.

However, just a few days ago Gizmodo confirmed that Facebook still appeared to have been happy to repurpose the same security feature for ad targeting.

A Facebook spokesperson told TechCrunch today:

We use the information people provide to offer a better, more personalized experience on Facebook, including ads. We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time.

Gizmodo has discovered that Facebook was doing this even if the mobile number was provided only for use with 2FA to login to Facebook.

TUTORIAL: How to add trusted phone numbers to 2FA for your Apple ID

Unfortunately, Facebook isn’t. making the issue any easier by instructing unhappy users to opt-out of this ad targeting by not using phone number with the 2FA system.

Sadly, this unethical behavior seems to be business as usual for the social networking giant.