Something known particularly as an added layer of security is being used as a means of identifying users on Facebook. When users enable 2FA, they commonly provide their phone number in their efforts to further secure their account. It was discovered recently that searching the phone number revealed the identity of the user that it belonged to, as well as suggested friends that have their phone number. Although Facebook disabled their phone-number search function in 2018 after being called out for using the information in advertising campaigns, it is believed the numbers were obtained from Facebook-connected apps like Whatsapp and Messenger. Facebook has released a statement in their defense stating that the issue did not involve 2FA, but instead the “Who can look me up?” option which they say controls how PII can be used in other ways to look users up.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased