Facebook moves to keep phone numbers for two-factor protection private
Facebook engineers have modified a controversial feature to prevent it from exposing the phone numbers users must provide to receive an additional level of security against account takeovers.
The change, made over the weekend, tweaks a recently added reverse phone number lookup service (which, as you'd expect, allows users to enter an unknown phone number to see who it belongs to). The service no longer includes phone numbers users provide when signing up for two-factor authentication protection known as login approvals. Login approvals require users to provide a one-time password sent to their mobile device when logging into their accounts from new computers or smartphones. Previously, those numbers were automatically included in the reverse lookup database. Users who wanted to avail themselves of the two-factor protection ran the risk of exposing their phone numbers to the world at large or their Facebook friends, depending on how privacy settings were configured.