Facebook on Thursday confirmed that advertisers were privy to phone numbers given by members of the social network for enhanced security. A study by two US universities, first reported by news website Gizmodo, found that phone numbers given to Facebook for two-factor authentication were also used to target advertising.
Two-factor authentication is intended to enhance security by requiring a second step, such as entering codes sent via text messages, as well as paasswords to get into accounts Phone numbers added to profiles, for security purposes, or for messaging were potential fodder for advertisers, according to the study.
"These findings hold despite all the relevant privacy controls on our test accounts being set to their most private settings," researchers said in the study, which looked at ways advertisers can get personally identifying information (PII) from Facebook or its WhatsApp and Messenger services. Contact lists uploaded to Facebook platforms could be mined for personal information, meaning that people could unintentionally help advertisers target their friends.
"Most worrisome, we found that phone numbers uploaded as part of syncing contacts - that were never owned by a user and never listed on their account - were in fact used to enable PII-based advertising," researchers said in the study. The study supported concerns that Facebook uses "shadow" sources of data not given to the social network for the purpose of sharing to make money on advertising. "We use the information people provide to offer a better, more personalized experience on Facebook, including ads," a spokeswoman said in response to an AFP inquiry about the study findings.