New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Facebook is Facing More Scrutiny for Privacy Issues, This Time it Involves 2FA

Something known particularly as an added layer of security is being used as a means of identifying users on Facebook. When users enable 2FA, they commonly provide their phone number in their efforts to further secure their account. It was discovered recently that searching the phone number revealed the identity of the user that it belonged to, as well as suggested friends that have their phone number. Although Facebook disabled their phone-number search function in 2018 after being called out for using the information in advertising campaigns, it is believed the numbers were obtained from Facebook-connected apps like Whatsapp and Messenger. Facebook has released a statement in their defense stating that the issue did not involve 2FA, but instead the “Who can look me up?” option which they say controls how PII can be used in other ways to look users up.

Analyst Notes

If users are concerned about being searched by their phone number, they should remove any apps that are connected with Facebook and could be sharing information. At this time there is no direct way to disable the feature.