Friday March 22, 2019

Facebook Security Feature Revealed Users’ Phone Number to Others

Facebook "can't credibly require 2FA for high-risk accounts without segmenting that from search and ads", Stamos tweeted

This photograph taken on May 16, 2018, shows a figurine standing in front of the logo of social network Facebook on a cracked screen of a smartphone in Paris. VOA

Facebook is facing backlash over its two-factor authentication (2FA) secure login process, for which it asked users to add phone numbers that can be searched by advertisers.

The security feature, meant solely to authenticate your identity on the social media platform, may have left your phone number open for others to see, including advertisers who could bombard you with their ads, USA Today reported on Monday.

The debate was initiated by Jeremy Burge, who runs the website Emojipedia and who said that numbers added to use two-factor authentication were now searchable.

“Facebook 2FA numbers are also shared with Instagram which prompts you ‘is this your phone number?’ once you add to FB. WhatsApp also shares phone numbers with Facebook. Facebook shares phone numbers with advertisers,” said Burge in a series of tweets.

“For years Facebook claimed… adding a phone number for 2FA was only for security. Now it can be searched and there’s no way to disable that,” Burge added.

Last September, Gizmodo reported that Facebook also uses security information to target adverts.

This photo shows a Facebook app icon on a smartphone in New York. VOA

In a statement to the Guardian, Facebook said it has been receiving questions about two-factor authentication and phone number settings on Facebook.

“Two-factor authentication is an important security feature, and last year we added the option to set it up for your account without registering a phone number. Separately, the ‘Who can look me up?’ settings are not new and are not specific to two-factor authentication,” the statement read.


“In April 2018, we removed the ability to enter another person’s phone number or email address into the Facebook search bar to help find someone’s profile.”

The 2FA security practice also drew criticism from Facebook’s former chief information security officer Alex Stamos.

Facebook “can’t credibly require 2FA for high-risk accounts without segmenting that from search and ads”, Stamos tweeted. (IANS)


Experts Urging Users to Change their Facebook Passwords and Turn on Two-Factor Authentication

Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way


After a report revealed that around 200-600 million Facebook users may have had their account passwords stored in plain text and searchable by over 20,000 Facebook employees, cybersecurity experts are urging users to change their passwords and turn on two-factor authentication (2FA).

So far the inquiry has uncovered archives with plain text user passwords dating back to 2012, according to the report published this week by KrebsOnSecurity, a blog run by journalist Brian Krebs.

Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way.

“It’s perfectly possible that no passwords at all fell into the hands of any crooks as a result of this. But if any passwords did get into the wrong hands then you can expect them to be abused,” said Paul Ducklin, Senior Technologist at global cybersecurity firm Sophos.


“Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed,” Ducklin added.

Facebook said it had found no evidence to date that anyone internally abused or improperly accessed the passwords.

“While the details of the incident are still emerging, this is likely an accidental programming error that led to the logging of plain text credentials. That said, this should never have happened and Facebook needs to ensure that no user credentials or data were compromised as a result of this error,” said John Shier, Senior Security Advisor at Sophos.

“This is also another reminder for people who are still reusing passwords or using weak passwords to change their Facebook password to something strong and unique and to turn on two-factor authentication (2FA),” Shier said. Turning on 2FA would mean that a password alone is not enough for crooks to raid your account, Ducklin added.


Facebook also asked people to change their passwords “out of an abundance of caution”.

Earlier this month, Facebook came under scrutiny for using phone numbers provided for security reasons — like two-factor authentication (2FA) — for things like advertising and making users searchable by their phone numbers across its different platforms.


“Another security measure users can implement to strengthen their digital security postures is to use different passwords for different online accounts. Don’t use your Facebook password for any other login, particularly for personal/professional email accounts or online banking,” said Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited.

“It is also a good practice to log out whenever not using Facebook, even on mobile devices,” Katkar added. (IANS)