Facebook is reportedly spamming some users by text, using a cell number they provided only for use in two-factor authentication.

In common with many services, Facebook allows you to protect your account by requiring a code when you first log in from a new device. That code is texted to a cell number you provide for the purpose – but a number of users have reported it being used without their permission for notifications about posts by friends …

Software engineer Gabriel Lewis seems to have been the first to report it.

The Verge reports that the issue got more attention thanks to a subsequent series of tweets.

Gizmodo’s Kate Conger found the same thing happening to her, stating that it started when she had a largely unused account.

She said that not only was the spam unwelcome, it was insensitive.

To make matters worse, some people have replied to the spam texts with STOP messages or similar – and these have ended up posted on Facebook.

Replies ending up as comments appears to be a bizarre bug, but the spamming seems intentional.

One minute later, I got a text from my former boss. “Hey did someone break into your FB?” he asked. My rant about two-factor authentication had showed up as a comment on vacation photos he’d posted two weeks ago.

In many countries, misusing a phone number in this way is illegal. In the UK, for example, it would contravene the Data Protection Act. In all countries, it’s at the very least unethical. It’s particularly unwelcome if it discourages people from using 2FA – an important security tool.

Facebook gave the same vague and unsatisfactory statement to both sites.

Photo: Bloomberg