Facebook Ad Targeting Exploits Users’ 2FA Phone Numbers

Despite facing criticism and a heavy fine, Facebook does not seem to be backing off of its annoying steps. Recently, a story broke the news that Facebook also breaks into users’ privacy limits for ad targeting. Precisely, the service exploits users’ phone numbers used for two-factor authentication during logins for Facebook ad targeting.

2FA Phone Numbers Used For Facebook Ad Targeting

Facebook ad targeting has stretched out to reach users’ phone numbers used for 2FA. The story describes research conducted by various researchers at two US universities. The team of researchers includes Piotr Sapiezynski, Giridhari Venkatadri, and Alan Mislove (Northeastern University), and Elena Lucherini (Princeton University). They conducted a series of experiments that provided evidence regarding Facebook’s exploit of 2FA phone numbers in their paper.

Explaining how it happened, Gizmodo states,

“Last week, I ran an ad on Facebook that was targeted at a computer science professor named Alan Mislove…. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.”

According to the reporter, Facebook earlier denied tracking these phone numbers for advertising purposes. However, with their experiment, there remains no doubt that Facebook clearly exploits contact numbers shared by the users for security purposes. In fact, Facebook clearly allows marketers to match their customers’ online data (such as email addresses, phone numbers, etc.) with that of Facebook users’ profiles to find potential buyers. In this way, they easily barrage matching profiles with ads. To achieve this goal, Facebook not only mines users’ profile information but also accesses the data obtained from ‘friends’. And now, the extent rises up to reach the security phone numbers.

Facebook Admits Using 2FA Phone Numbers For Marketing

“We use the information people provide to offer a better, more personalized experience on Facebook, including ads. We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time.”

Besides 2FA phone numbers, Facebook also seems busy in creating “shadow profiles”. That is, profiles of persons not using Facebook. It also uses this data for ad targeting as confirmed by the experiments.

In addition to Facebook, Mislove stated that several other firms also employ similar strategies.

“In describing this work to colleagues, many computer scientists were surprised by this, and were even more surprised to learn that not only Facebook, but also Google, Pinterest, and Twitter all offer related services. Thus, we think there is a significant need to educate users about how exactly targeted advertising on such platforms works today.”

Have you been a victim of Facebook ad targeting in this way? Feel free to share with us your experiences via the comment section below.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil