Facebook Accused of Misusing Two-Factor Auth for SMS Spam

<pre>Facebook Accused of Misusing Two-Factor Auth for SMS Spam

The phone number Facebook requests “/>

It seems as though Facebook is abusing the trust of security-conscious users of the social network a bid to increase engagement. At least, that's the thesis of being made by software engineer Gabriel Lewis, who has the proof to back it up.

As The Verge reports, Facebook allows you to set up two-factor authentication (2FA) on your account to add an extra layer of security. In order to do that, though, Facebook requires you to supply a phone number.

So I signed up for 2 factor auth on Facebook and they used it as an opportunity to spam me notifications. Then they posted my replies on my wall. ?? pic.twitter.com/Fy44b07wNg?

– Gabriel Lewis ?? (@Gabriel__Lewis) February 12, 2018

What Lewis discovered when it was enabled 2FA was that Facebook assumed it was acceptable to then use his number to send SMS messages. Even worse than that, though, attempting to respond to those text messages.

Clearly, when you enable 2FA the focus is on security and you do not expect to automatically have your phone number opened up as a new engagement channel for Facebook. There was no opt-in or even opt-in, it was simply triggered by enabling 2FA.

Is this a bug or a feature? If it's a feature, then Facebook could be facing another lawsuit with violations of the Telephone Consumer Protection Act. I say another as one is already underway regarding the sending of unauthorized birthday reminder text messages.


Source link