Skip to main content

Facebook let advertisers target you using two-factor authentication numbers

Josh Edelson/Digital Trends

We finally have some details about the $5 billion settlement between the Federal Trade Commission (FTC) — and exactly how Facebook might have violated your privacy.

The Washington Post reports that the yet-to-be-released complaint that will accompany the settlement focuses on two privacy violations. The first involves Facebook’s two-factor authentication security feature, which allows users to log in and verify their identity through a text message code sent to the phone number that they enter. Allegedly, advertisers used these phone numbers to target Facebook users without their consent. 

The other violation alleges that Facebook misled 30 million users about their ability to turn off a tool that offers tagging suggestions by identifying users in photos. Consumer Reports first reported in May that some Facebook users might lack the ability to turn off facial recognition. As a result, Consumer Reports filed a complaint to the FTC. 

These two violations are expected to be announced on Wednesday through a compliant tied to the settlement from earlier this month, the Post reports. The agreement between the FTC and Facebook requires the social network to submit federal oversight of its business practices to certify that the network is handling user data properly. The $5 billion settlement would be the largest-ever FTC fine against a technology company, dwarfing $22.5 million fine against Google in 2012. That said, it’s just a small chunk of the $55 billion in revenue Facebook made in 2018. 

In the past year, Facebook has come under fire for the way it treats users’ private data. The FTC began looking into Facebook seriously after the 2018 Cambridge Analytica scandal that involved as many as 87 million users’ data. More recent privacy and security flaws that have hit the tech giant include issues with unauthorized adults accessing chats in its Messenger Kids app and a security breach that left 50 million accounts compromised. 

Facebook CEO Mark Zuckerberg said in March that the social network now wants to focus on private interactions and encryption to provide better security for its users. According to the Post, the FTC did not question Zuckerberg himself during the investigation that led to this settlement.

A spokesperson for the FTC declined to comment about the settlement. We also reached out to Facebook and will update this story if we hear back.

Update 7/25: Updated headline to clarify that advertisers could target users based on their two-factor authentication phone numbers, not see the numbers.

Editors' Recommendations