David Paul Morris | Bloomberg | Getty Images
Mark Zuckerberg, chief executive officer and founder of Facebook, holds his phone after the morning session at the Allen & Co. Media and Technology Conference in Sun Valley, Idaho, July 13, 2018.
Facebook asked users to add their phone numbers as an extra security measure, but now users are learning their numbers are being used as a way to look up their profiles and even target them with ads, without the option to opt out.
TechCrunch first reported the feature after Jeremy Burge, who runs the site Emojipedia, called it out in a tweet on Friday.
While users can hide their phone number from the general public and restrict who can look them up by phone number by switching the setting from “everyone” to “friends of friends” or just “friends,” Facebook does not give the option to get rid of the look-up option entirely. That means if a user’s setting allows “everyone” to look them up by phone number, even a person without a Facebook account could find their page on the site.
The concern around Facebook’s use of phone numbers follows its plans to further integrate its messaging services across Messenger, Instagram and WhatsApp. WhatsApp uses phone numbers as the primary way to set up an account, which could raise privacy concerns for users already surprised by the use of their phone number on Facebook’s other platforms.
Facebook did not immediately respond to CNBC’s request for comment, but a spokesperson told TechCrunch the settings “are not new,” and, “the setting applies to any phone numbers you added to your profile and isn’t specific to any feature.” Since May 2018, Facebook has removed the requirement of adding a phone number to set up two-factor identification (2FA).
In September, Facebook confirmed to TechCrunch that it uses phone numbers provided for 2FA for ad targeting after Gizmodo reported that numbers provided for 2FA “became targetable by an advertiser within a couple weeks.” Facebook’s former security chief Alex Stamos criticized the practice in a tweet on Saturday, saying “FB can’t credibly require 2FA for high-risk accounts without segmenting that from search & ads.”