Skip to main content

Facebook Weaponizes Security Feature to Blast Ads at You

The world's largest social network is using the information you give it for two-factor authentication in ways you probably will not like.

Credit: Shutterstock

(Image credit: Shutterstock)

In a statement to TechCrunch this week, a Facebook spokesperson seemingly confirmed that the same mobile phone number you give the company, so that it can text you as part of the two-factor authentication process, is actually being used to serve you customized ads.

"We use the information people provide to offer a better, more personalized experience on Facebook, including ads," a Facebook spokesperson told TechCrunch. "We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time.”

MORE: How to Stop Facebook From Sharing Your Data

The spokesperson added that if you don't want to deal with the ads, you can use another two-factor authentication method instead of your phone number. (We at Tom's Guide recommend Google Authenticator, an Android and iOS app that generates new authentication codes every 30 seconds and which Facebook and many other online services support.)

The comment comes after Gizmodo published a story yesterday (Sept. 27) that detailed how Facebook is apparently using information you're not explicitly handing over to the company for advertising purposes to serve you ads. The researchers specifically found that if you provide your phone number for two-factor authentication purposes, within a couple of weeks, your phone number can be used to target you with ads.

But it's not just that. According to the report, if someone else uploads your phone number to Facebook even if you haven't, that phone number will then become targetable for Facebook ads. The researchers, led by chief author Giridhari Venkatadri, called it "shadow contact information."

If true, the findings could prove to be a problem for Facebook and its users. Two-factor authentication is a security feature that aims at protecting a users' credentials and not allowing hackers to access their accounts. It's an important component in internet security.

But if it's true that Facebook is using phone numbers used in two-factor authentication for advertising purposes, that could result in people being less likely to turn the feature on. And that ultimately could result in more security problems for the social network and its users.