Facebook moves to keep phone numbers for two-factor protection private

Facebook logoFacebook engineers have modified a controversial feature to prevent it from exposing the phone numbers users must provide to receive an additional level of security against account takeovers.

The change, made over the weekend, tweaks a recently added reverse phone number lookup service (which, as you'd expect, allows users to enter an unknown phone number to see who it belongs to). The service no longer includes phone numbers users provide when signing up for two-factor authentication protection known as login approvals. Login approvals require users to provide a one-time password sent to their mobile device when logging into their accounts from new computers or smartphones. Previously, those numbers were automatically included in the reverse lookup database. Users who wanted to avail themselves of the two-factor protection ran the risk of exposing their phone numbers to the world at large or their Facebook friends, depending on how privacy settings were configured.

A Facebook spokesman on Sunday told Ars the change is temporary. Engineers are in the process of creating a system that will allow people who sign up for login approvals to opt in or out of the reverse lookup feature.

The change comes after a researcher created a program that allowed people to cycle through tens of thousands of phone numbers to identify the names of each corresponding owner. Facebook engineers responded by vastly reducing the number of queries a given account holder could make in a given time period. But even then, the researcher said he was able to procure 300 results before being locked out of his account for 24 hours. Other researchers also criticized the rate limit as being ineffective.

The reverse lookup feature still provides results for numbers that are included in users' account profiles, and by default, the names of the number holders are provided to all Facebook users. Those who want to restrict that ability only to Facebook friends must change default configurations included in the Facebook privacy settings.

Source: Ars Technica

Tags: Facebook, social networks

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
The new 64-bit version of Firefox will be optimized to run on these computers for better performance
 
Google is expanding the Pixel 3’s eSIM support to a few new countries
 
And fortunately, it won’t be an iPhone X-like notch
 
Qualcomm Technologies has shown on the path to commercialization of 5G
 
It will be embracing Chromium in the development of the browser
 
The new OLEDs will be on display at CES 2019 in Las Vegas early next year
 
Quintuple-app strategy offers "a simpler and more unified communications experience"
 
Google's other mobile SDK is deemed ready for prime time
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
      1
2345678
9101112131415
16171819202122
23242526272829
3031     




Poll

Do you use microSD card with your phone?
or leave your own version in comments (11)