The Risk of Your Phone Number in Facebook’s Hands
Threat Level: 4
In today’s social media world, there is a lot that is shared, which leaves very little of people’s lives private. However, how much or how little you want to share is typically under your control. When your private information is leaked out without your knowledge, it can feel like a complete violation of privacy.
Facebook has been found guilty of this invasive act in order to make more money. They take contact information of their users, that has either been given to them for security reasons or not given to them at all, and use it for targeting advertising. Academic researchers from Northeastern University and Princeton University found that Facebook uses phone numbers for targeted advertising in two ways: two-factor authentication (2FA) phone numbers, and “shadow” contact information.
Two-Factor Authentication may be a small factor that contributes to users’ phone numbers being leaked, but it is not the true problem and is not a reason to turn off or avoid 2FA. The problem is the misuse of these phone numbers by Facebook and how they violate their security and privacy expectations. Although there are many types of 2FA, some of which don’t always need a phone number, Facebook doesn’t give that option and requires a phone number for any type of 2FA, which is an outdated approach.
Another way that Facebook is able to get your contact information is through your friends. Even if you never share your phone number directly with Facebook, advertisers still may be able to figure out what belongs to your account based on your friends’ phone books. This “shadow” contact information is not accessible for you to adjust in any sections of your profile, which makes it even more difficult to avoid.
The bottom line is users want their social media accounts to stay as private or as public as they wish. Facebook has been under a lot of scrutiny lately regarding their security and privacy practices, and it is important that they take that extra step to ensure to their users that all of their personal information is secure.
Categorised in: IT Threat
This post was written by Joe Sernio