Facebook Is Using Your Two-Factor Authentication Info To Send You Spam Messages

Mark Zuckerberg lost $3.3 billion from stock fall after announcing a potential Facebook change
A handful of users have now complained about Facebook apparently exploiting their two-factor authentication phone numbers to send spam notifications, but it gets worse than that.   ( Kimihiro Hoshino | AFP/Getty Images )

Facebook is coming under fire for exploiting some users' two-factor authentication info and sending them spam notifications. It's a grotesquely intrusive implementation that might have been persisting for quite some time unnoticed until a software engineer complained about on Twitter.

The engineer, Gabriel Lewis, noticed earlier this week that Facebook was using his phone number — the same one he used for two-factor authentication — to notify him about posts from other people. For the uninitiated, two-factor authentication is a more secure login method that requires input of secondary information rather than just a password alone.

Facebook Allegedly Exploits Two-Factor Authentication To Send Spam

Facebook's spammy implementation appear to go beyond than just sending notifications. If a user replies to the text message with any kind of text, it gets automatically posted to their Facebook profile. Check out Lewis's screenshots to see this in action.

Other users have popped up on Twitter making similar complaints, saying it's not just Facebook that's doing this but also Instagram, which it owns. Lewis says he never opted for any kind of text notifications to begin with.

The issue got some slight traction on Twitter recently after Turkish techno-sociologist Zeynep Tufekci slammed Facebook for forcing user engagement:

"This is how a business model can be so poisonous and harmful. This is unacceptable."

"This is horrible. You give Facebook your phone number for login authentication; instead, it abuses it to SMS spam to drive up 'engagement', and when you reply to spam, is posts it on your wall," she said.

Is It A Bug?

It remains uncertain whether Facebook's spammy behavior is a bug or whether it's a way to deliberately push users to post more often on the site. In any case, the idea of giving Facebook your phone number now seems stupid, given the fact that the company can exploit it willy-nilly. If Facebook is indeed using people's phone numbers and getting them to post without their consent, it could be ample legal grounds for a potential lawsuit.

The company says it's now looking into the issue and assures users that they don't have to use their phone number for two-factor authentication but instead a code generator.

"We give people control over their notifications, including those that relate to security features like two-factor authentication," said a Facebook representative.

Matthew Green, a professor of cryptography at the Johns Hopkins University, also slammed Facebook for exploiting users' phone numbers and claimed that the issue being the result of a bug is "bullsh-t."

"Abusing a security technology like [two-factor authentication] by turning it into a marketing opportunity is pretty much the most short-term clever, long-term foolish thing Facebook could do."

© 2018 Tech Times, All rights reserved. Do not reproduce without permission.

From Our Sponsor

Entropia Universe Allows Players To Earn Real Cash In The Virtual World

Everything in Entropia Universe has real cash value, and the real estate, land and deeds that players invest in are actual investments. The game uses a micropayment system that allows players to buy Project Entropia Dollars (PED), which is used as in-game currency. With a click of a mouse, PED can also be withdrawn from the game and transferred to your bank account using an e-money/e-wallet service like Neteller e-wallet.
Real Time Analytics