Facebook Is Spamming Users Via Their 2FA Phone Numbers (mashable.com)

← Back to Stories (view on slashdot.org)

Facebook Is Spamming Users Via Their 2FA Phone Numbers (mashable.com)

Posted by BeauHD on Wednesday February 14, 2018 @12:20PM from the dirty-tricks dept.

According to Mashable, Facebook account holder Gabriel Lewis tweeted that Facebook texted "spam" to the phone number he submitted for the purposes of 2-factor authentication. Lewis insists that he did not have mobile notifications turned on, and when he replied "stop" and "DO NOT TEXT ME," he says those messages showed up on his Facebook wall. From the report: Lewis explained his version of the story to Mashable via Twitter direct message. "[Recently] I decided to sign up for 2FA on all of my accounts including FaceBook, shortly afterwards they started sending me notifications from the same phone number. I never signed up for it and I don't even have the FB app on my phone." Lewis further explained that he can go "for months" without signing into Facebook, which suggests the possibility that Mark Zuckerberg's creation was feeling a little neglected and trying to get him back. According to Lewis, he signed up for 2FA on Dec. 17 and the alleged spamming began on Jan. 5. Importantly, Lewis isn't the only person who claims this happened to him. One Facebook user says he accidentally told "friends and family to go [to] hell" when he "replied to the spam."

71 of 119 comments (clear)

Min score:

Reason:

Sort:

If this is a shock to you. by Anonymous Coward · 2018-02-14 12:24 · Score: 2, Insightful

You are a moron and just the sort facebook loves.
1. Re: If this is a shock to you. by Anonymous Coward · 2018-02-14 14:26 · Score: 1
  
  Exactly. Delete Facebook and change your cell number while you're at it.
  I have two numbers. One which all the whatsapp muppets have and other is private. No cloud sync, no numbers even in the phone book.
2. Re: If this is a shock to you. by OolimPhon · 2018-02-14 22:15 · Score: 1
  
  You do know that Facebook owns Whatsapp?
3. Re: If this is a shock to you. by guruevi · 2018-02-15 01:38 · Score: 1
  
  Ah, you mean like a Rolodex.
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
4. Re: If this is a shock to you. by DCFusor · 2018-02-15 04:44 · Score: 1
  
  *I* don't even know the phone number for the one built into my car...
  It's still handy to order pizza when I'm on the way home and 20 min from the make-to-order place.
  I don't want incoming calls. My time "out and about" is MY time. I don't need distraction just because someone else is bored or wants to sell me something. Try email if you want to get in touch with me.
  
  --
  Why guess when you can know? Measure!
Users misunderstood what Facebook's 2FA stood for by JoeyRox · 2018-02-14 12:24 · Score: 5, Funny

It's short for We don't give "two fucks, asshole".
Why? by duke_cheetah2003 · 2018-02-14 12:27 · Score: 1

Am I not surprised?
SPAM away Facebook--the more, the better by Anonymous Coward · 2018-02-14 12:31 · Score: 1

May the hammer drop soon on Facebook, I chortle gleefully since I'm not on FB.
1. Re:SPAM away Facebook--the more, the better by viperidaenz · 2018-02-14 14:01 · Score: 2
  
  Don't worry, they probably already have a shadow profile of you.
2. Re: SPAM away Facebook--the more, the better by infolation · 2018-02-15 01:41 · Score: 2
  
  "Hammer" would be the opposite of spammer, right?
  Break it down.... STOP!
  
  Spammertime.
Duh by DogDude · 2018-02-14 12:32 · Score: 5, Insightful

What kind of idiot would give their phone number to Facebook? Seriously... who would do this? Facebook is a company that makes money from selling your personal information to anybody who'll pay them. What kind of person thinks that giving a company like this a phone number is a good idea?

--
I don't respond to AC's.
1. Re:Duh by lokedhs · 2018-02-14 12:44 · Score: 5, Insightful
  
  It's highly likely that they already have your phone number. Most Facebook users happily share their address book with them, and as long as any of them has your phone number, they will trivially link it to you.
2. Re:Duh by Anonymous Coward · 2018-02-14 13:04 · Score: 2, Insightful
  
  It's highly likely that they already have your phone number.
  Exactly. You can have no direct involvement with FB but people who do will give data about you to FB. The chance they don't have your phone number is roughly zero.
  Not only that but for most people they also have your facial biometrics, because you will at some point be in a photo that someone uploads to FB (unless you haven't left your basement in the last 10 years). You don't even have to be tagged for them to work out who you are.
  In fact, recently, your face doesn't even have to be visible for them to figure it out. They are developing ways to recognize people in photographs from other cues, like posture, body shape and size, and so on.
  Facebook Can Now Identify You in Pictures Even Without Your Face Showing "...even when you hide your face, you can be successfully linked to your identity..."
3. Re:Duh by MobyDisk · 2018-02-14 14:34 · Score: 4, Insightful
  
  Back in 2000, when the "i love you" trojan was harvesting people's address books, everyone was up in arms. Microsoft's reputation for security was damaged for a decade, IT managers had to start educating people about trojans and spear-phishing. Today, everyone expects that software harvests their personal information without asking and doesn't seem to care. How far we have fallen.
4. Re:Duh by Anonymous Coward · 2018-02-14 15:21 · Score: 1
  
  Is why I haven't given my phone number to eBay or Gmail or Facebook or anyone else with the claim that "it will secure your account". I also won't give it to Home Depot, Target, or (now defunct) Radio Shack when they ask for your phone number "to help with returns". Because you know sooner or later the marketers are going to steal the whole phone number database and abuse it. Corporations cannot be trusted with personal data. /warranty cards
5. Re:Duh by jcr · 2018-02-14 15:48 · Score: 4, Funny
  
  Microsoft's reputation for security was damaged for a decade
  I have to take exception to that. Microsoft never had any reputation for security in the first place.
  -jcr
  
  --
  The only title of honor that a tyrant can grant is "Enemy of the State."
6. Re:Duh by thegarbz · 2018-02-14 21:09 · Score: 1
  
  What kind of idiot would give their phone number to Facebook?
  Why wouldn't you? Ever heard of a phone book? I think my phone number is plastered pretty much all over the internet. That's generally how a communications medium like a phone works.
7. Re:Duh by houghi · 2018-02-15 01:19 · Score: 1
  
  I remember when that happened. The IT department told everybody in the company to close their PC and go home. Most department did. We just dualbooted into BeOS and Linux and kept going. COO called me to close and I told him no. Fun times. (Yes, I still had a job after that)
  That was the first time something like that happened on such a large scale.
  Since then we have had many scares, but we got used to it.
  If the boy who cries wolf has it right every time, the result is the same as when he is wrong every time. We tend to ignore it after a while.
  
  --
  Don't fight for your country, if your country does not fight for you.
8. Re:Duh by Gr8Apes · 2018-02-15 02:11 · Score: 1
  
  Ever heard of a phone book? I think my phone number is plastered pretty much all over the internet. That's generally how a communications medium like a phone works.
  Last I checked, my number isn't in the phone book, and has never been there. That's on purpose, of course.
  
  --
  The cesspool just got a check and balance.
9. Re:Duh by thegarbz · 2018-02-16 01:17 · Score: 1
  
  Cool. That makes you part of the 0.001% of the population who gives a damn.
This is why [Re:If this is a shock to you.] by XXongo · 2018-02-14 12:34 · Score: 5, Insightful

Yes, this is EXACTLY why I never gave FB my phone number for TFA despite how many times they tell me how secure it will make me.
They already know it, of course-- they hoover up information from everywhere. But they can't officially admit that they know it.
1. Re:This is why [Re:If this is a shock to you.] by nospam007 · 2018-02-14 23:39 · Score: 1
  
  "Yes, this is EXACTLY why I never gave FB my phone number for TFA despite how many times they tell me how secure it will make me."
  I didn't even give them my name, my email address nor a password.
2. Re:This is why [Re:If this is a shock to you.] by Gr8Apes · 2018-02-15 02:05 · Score: 1
  
  You don't have FB blackholed?
  
  --
  The cesspool just got a check and balance.
Re:Users misunderstood what Facebook's 2FA stood f by Anonymous Coward · 2018-02-14 12:46 · Score: 2, Informative

As someone who is very good with password hygiene and also uses a VPN, I've basically had 2FA forced down my throat. I am definitely suspicious that this was just a way to track me more easily under the guise of security.
Re:Duh -- blame your friends by blahbooboo · 2018-02-14 12:46 · Score: 2

Unfortunately people give permission to Facebook to "look for friends" by sharing their address book (Linked In does this as well). If you're in the address book, guess what? LinkedIn, Facebook, Instagram, etc now have a complete list of all your information thanks to your friends.
This is how you get the "magical" friend/contact suggestions in these services.
Quit by Moof123 · 2018-02-14 12:47 · Score: 4, Insightful

Seriously, if you barely sign on anyway, just quit.
1. Re:Quit by gijoel · 2018-02-14 14:26 · Score: 1
  
  They'll probably just nagged him via text to rejoin. It's what social media does.
2. Re:Quit by Solandri · 2018-02-14 15:26 · Score: 2
  
  Will quitting make them forget your phone number?
  
  The only winning move is not to play.
3. Re:Quit by Bender+Unit+22 · 2018-02-14 18:12 · Score: 4, Insightful
  
  You can check out any time you want, but you can never leave.
4. Re:Quit by Calydor · 2018-02-14 19:31 · Score: 2
  
  If all of my friends, many of whom I consider smart and reasonable people, suddenly and inexplicably decided to jump off a bridge all at once, I would quickly reach the conclusion they knew something I did not and that jumping off the bridge was deemed safer than staying on it.
  So yes.
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
5. Re:Quit by amalcolm · 2018-02-14 21:09 · Score: 1
  
  Kudos for the Hotel California quotation
  
  --
  Time for bed, said Zebedee - boing
begging by fluffernutter · 2018-02-14 12:51 · Score: 2

I have never given Facebook my phone number, nor have I ever installed the app. Somehow they are texting me and BEGGING me to come back. It's kind of funny.

--
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
1. Re:begging by john+of+sparta · 2018-02-14 13:03 · Score: 1
  
  FB sends stuff to you since are linked.
2. Re:begging by 110010001000 · 2018-02-14 14:35 · Score: 1
  
  Probably many people on your friends list uploaded their address book to Facebook. Now they have your number (and whatever else).
3. Re:begging by Oswald+McWeany · 2018-02-15 01:47 · Score: 1
  
  I have never given Facebook my phone number, nor have I ever installed the app. Somehow they are texting me and BEGGING me to come back. It's kind of funny.
  I never get any e-mails from Facebook (I wonder if I have them blocked and I forgot I blocked them). In the past I have signed up using temporary e-mail addresses and a VPN, just so I could check things out, fake name, and never logged back in with that account. They won't let me do that anymore, they ask for a phone number before I can sign up.
  
  --
  "That's the way to do it" - Punch
The original user is an idiot by Etcetera · 2018-02-14 13:10 · Score: 4, Informative

I can virtually guarantee that he was confused and enabled his mobile number as "the" mobile number on his Facebook account when setting up 2FA. (In fact, I'd be surprised if Facebook allowed a distinct 2FA number that hadn't already be validated as belonging to you to be set.)
As for why it showed up on his wall, maybe if he used Facebook more he'd realize that that's a feature. Send an SMS to the 5 digit SMS code and it will be interpreted as a FB Status update (unless it matches another string, like poking a user using a distinct notification number).
It's rarely used nowadays because a majority of folks probably use the app, but if you want to update via text message that's how you do it.
Ticket closed: PEBCAK (and stop whining)

--
Hire a Linux system administrator, systems engineer,
1. Re:The original user is an idiot by cmseagle · 2018-02-14 20:59 · Score: 1
  
  Likelihood of "PEBCAK" increased by the fact that he wrote Facebook as "FaceBook."
Doesn't surprise me at all. by QuietLagoon · 2018-02-14 13:12 · Score: 1, Informative

This is the main reason why I did not give Facebook a 2FA phone number the dozens of times I was prompted to do so. If Facebook wanted it that badly, I suspected it was not for my own benefit (i.e., I was the product being sold) It just seemed to me that they would either spam me directly or sell the number to advertisers or both.
More likely reasons for 2FA: by VeryFluffyBunny · 2018-02-14 13:34 · Score: 3, Insightful
Let's try to come up with more likely explanations as to why Facebook, Google, et al. want our phone numbers so badly:
- + If they have your phone number they can identify your phone and track you more accurately (They also buy this data from the telcos)
- + They can also tie your account to your bank account (that you use to pay your phone bill) and tie that to your data that they bought from credit card companies.
- + Erm... what more can we come up with?
--
Debate is a form of harassment. Do not question my truth.
1. Re:More likely reasons for 2FA: by FormOfActionBanana · 2018-02-14 13:37 · Score: 3, Funny
  
  Correlate you with all the prostitutes and drug dealers who saved your phone number on their phones.
  
  --
  Take off every 'sig' !!
2. Re:More likely reasons for 2FA: by FormOfActionBanana · 2018-02-14 13:39 · Score: 1
  
  AND correlate your identity with whatever micropenis nickname those people used for you.
  
  --
  Take off every 'sig' !!
3. Re:More likely reasons for 2FA: by viperidaenz · 2018-02-14 14:04 · Score: 2
  
  If you have an Android phone with Google Play, Google already know your phone number.
  If you have a Facebook app installed, Facebook already know it too.
4. Re:More likely reasons for 2FA: by hankwang · 2018-02-14 19:22 · Score: 1
  
  Is that so? I don't think GSM phones (with SIM) can see their own phone number, similar to how you can't see your IP address when you're behind a NAT.
  My (EU, SIM) Android phone, in settings / about phone / status shows "phone number: unknown".
  
  --
  Avantslash: low-bandwidth mobile slashdot.
5. Re:More likely reasons for 2FA: by tlhIngan · 2018-02-14 20:33 · Score: 2
  
  Is that so? I don't think GSM phones (with SIM) can see their own phone number, similar to how you can't see your IP address when you're behind a NAT.
  My (EU, SIM) Android phone, in settings / about phone / status shows "phone number: unknown".
  Yes they can. It's a basic command to the modem, actually. Most phones will retrieve and show the local phone number as a convenience (because there are people who do not know their own phone number - after all, how often are you calling yourself?).
  Every phone I've had, from the lowliest Nokia dumbphone back in the days to modern smartphones show your phone number. Heck, I remember it documented in the manual because well, you forget.
  If you want to know, the command is "AT+CNUM" to get the local subscriber number. It is optional, and it depends on the SIM. Optional in the modem does not have to support the command (it may just return OK), and depends on the SIM to have your number programmed into the phonebook (normally done during activation). Sometimes during SIM activation the phone number isn't programmed in by the operator in which case it too will return just OK. Otherwise you get +CNUM="+phonenumber"\r\nOK\r\n
6. Re: More likely reasons for 2FA: by bucky0 · 2018-02-14 20:41 · Score: 1
  
  > I mean, it's not like facebook provide identity services, allowing a facebook login to be used for accessing other services run by third parties. If they offered that service, things might be different.
  They do.
  
  --
  
  -Bucky
7. Re:More likely reasons for 2FA: by jawtheshark · 2018-02-14 21:30 · Score: 2
  
  Well, the answer is thus: SIM cards know their number when it's programmed into the SIM. By default they do not know their number.
  I thought they knew by default and I found out "the hard way" that it isn't so. I bought a cheap pre-paid card to use in one of my UMTS modems. Interestingly I did not get the number when buying the SIM. I suspect it was written on the receipt, which I threw away when I bought it. Given I had trouble sending SMS using smstools, I wanted to try sending SMS to it, and when I realized I didn't have the number, I tried the above CNUM command. Obviously it didn't work, then I stuck it in my iPhone (big mistake: it messes with your iMessage configuration if you switch SIMs!) and the iPhone said "unknown". At least now I could call someone and get the number. I then set it into the "My Phone Number" feature and now the CNUM also works. (Interestingly, for the SMS problem it was SMSC that wasn't set correctly. How the eff that is possible, I don't understand. That's really something that should be preset. Finding the SMS Centre for the provider was not easy either)
  Lessons learned: SIMs do not know their numbers by default and ask the damned phone number when you buy a new SIM.
  
  --
  Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
8. Re:More likely reasons for 2FA: by jawtheshark · 2018-02-15 01:34 · Score: 1
  
  Interesting. Doesn't seem to be available in my country, but thank you nevertheless.
  
  --
  Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
9. Re:More likely reasons for 2FA: by viperidaenz · 2018-02-15 08:30 · Score: 1
  
  It's up to your operator if they populate that information on the sim card.
  If they want to they can update it remotely.
10. Re:More likely reasons for 2FA: by jawtheshark · 2018-02-15 09:06 · Score: 1
  
  It's up to your operator if they populate that information on the sim card.
  If they want to they can update it remotely.
  Yes, but it means you can't assume it's there (or not there). There is no well defined default.
  
  --
  Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
You're probably getting tired of hearing it but.. by Narcocide · 2018-02-14 13:38 · Score: 3, Insightful

I told you so.
Re:The day by ColdWetDog · 2018-02-14 13:41 · Score: 2

No one is surprised that Facebook and its ilk are slime is the day we can claim victory. At this point we are all just fodder for their ultimately fruitless Frankenstein 'AI' experiments. They understand nothing. Welcome to AOL 2.0, and I have no doubt they will meet the same fate. Suck it, AI dweebs.
Well if that's the case can we at least get some CD-ROMs? They were marginally useful.

--
Faster! Faster! Faster would be better!
Re:Users misunderstood what Facebook's 2FA stood f by AHuxley · 2018-02-14 14:02 · Score: 3, Interesting

The A is for ads.

--
Domestic spying is now "Benign Information Gathering"
Re:The day by Raistlin77 · 2018-02-14 14:15 · Score: 1

You're in luck! You can buy AOL CD-ROMs on Amazon:
https://www.amazon.com/AMERICA-ONLINE-5-0-HOURS-PLASTIC/dp/B00X2W631I
Full stop by JustAnotherOldGuy · 2018-02-14 15:11 · Score: 2

"Facebook Is Spamming Users..."
That's all I needed to read, everything beyond that is just detail.
Of course Facebook Is spamming you, THAT'S WHAT THEY DO.

--
Just cruising through this digital world at 33 1/3 rpm...
WTF is 'perviserating' by Anonymous Coward · 2018-02-14 15:33 · Score: 1

... And what's with all this perviserating from people ...
And what the fuck do you mean by 'perviserating' ??/.
1. Re:WTF is 'perviserating' by mukinrestak · 2018-02-14 18:12 · Score: 2
  
  When we have no idea what word you meant to use, that's YOUR fault, not AC's.
2. Re:WTF is 'perviserating' by Calydor · 2018-02-14 19:28 · Score: 1
  
  I'm saying English isn't my primary language, so I Googled the word 'perviserating' and got no useful results.
  Now what? Should I sign up for a mind-reading class?
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
3. Re:WTF is 'perviserating' by Calydor · 2018-02-14 20:22 · Score: 2
  
  Not that 'perseverating' is in my vocabulary either, but here's a screengrab of my Google search for 'perviserating'. Can you point out where it corrects the word?
  https://imgur.com/a/zXQKF
  Please do keep calling me a liar just because Google reacts differently in different countries.
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
4. Re:WTF is 'perviserating' by Oswald+McWeany · 2018-02-15 01:44 · Score: 1
  
  No one likes a Spelling Nazi, you people are worse than Hitler.
  No... not really. Hitler was quite a bit worse than Spelling Nazis. You should read a history book.
  
  --
  "That's the way to do it" - Punch
5. Re:WTF is 'perviserating' by Anonymous Coward · 2018-02-15 02:08 · Score: 1
  
  Funniest thread I've read in weeks. Thanks.
6. Re:WTF is 'perviserating' by Obfuscant · 2018-02-15 14:08 · Score: 1
  
  Hitler was quite a bit worse than Spelling Nazis. You should read a history book.
  Spelling nazis are in charge of editing the history books. Revisionist history favors those with the power of the press.
7. Re:WTF is 'perviserating' by Oswald+McWeany · 2018-02-16 03:16 · Score: 1
  
  Hitler was quite a bit worse than Spelling Nazis. You should read a history book.
  Spelling nazis are in charge of editing the history books. Revisionist history favors those with the power of the press.
  Are yew tellin' me it woz really the grammar Nazis that coursed the holocaust?
  
  --
  "That's the way to do it" - Punch
trickery by Tom · 2018-02-14 18:15 · Score: 3, Informative

Possible user errors aside, why would you ever willingly give your phone number or any other personal details not strictly necessary to a company in the business of selling your personal data ???
It should be obvious to an idiot that for FB, 2FA is just a welcome excuse to get you to give up your phone number, which of course they will immediately turn around and sell.
Honestly, you have to be stupid not to spot that.

--
Assorted stuff I do sometimes: Lemuria.org
1. Re:trickery by houghi · 2018-02-15 01:27 · Score: 1
  
  The way they do opt-out and opt-in makes it not actually human error most of the time.
  "Are you not unwilling to not have the unicluded number not be absent form the undisplaying non-information or do you exclude wanting the anti-opposite?" or sometjng similar with a default yes or no selected at almost random.
  Yes it is there, but it will be there in such a way that the majority of the people select what the company wants, not what the user wants. And they will present it over and over again, till you have selected what they want you to select. Then suddenly the option is off.
  Legally it is user error, morally it is company error.
  
  --
  Don't fight for your country, if your country does not fight for you.
Re: Duh -- blame your friends by nnull · 2018-02-14 20:23 · Score: 1

As with any data in any industry, accurate data is valuable.
This is what the GDPR is about by Alain+Williams · 2018-02-14 20:54 · Score: 2

The up coming General Data Protection Regulation says, amongst many other things, that data must only be used for the purpose that it is obtained and can only be used with the explicit permission of the individual. Hopefully scum-bags like facebook will change once they have had a few fines of 2% of the annual worldwide turnover.
Non-Story by Latentius · 2018-02-14 23:20 · Score: 1

The title makes it sound like a widespread problem, but it looks like this has only happened to a single person. Honestly, seems like some idiot user accidentally turned on a notification feature and then was upset when it did what he told it to do. Just because he wasn't aware of what he did or how he could easily stop it doesn't really make it a scandal.
Not so fast... by chill · 2018-02-15 01:41 · Score: 3, Interesting

(Logging in to repeat my anonymous post)
I received several SMS messages like this, from half-a-dozen numbers, a week or two ago. There were maybe 20 messages over a 1 hour period.
Here's the thing. I don't have a Facebook account. I did, once, about 10 years ago. I cancelled it after only about a month, and that was long before they implemented 2FA. And it was also long before I had my current phone number. This number has never been given to Facebook for anything, at least not by me.
I thought they were a scam of some sort, and just ended up blocking the numbers as spam in my messaging client (Signal).

--
Learning HOW to think is more important than learning WHAT to think.
1. Re:Not so fast... by Koreantoast · 2018-02-15 04:16 · Score: 1
  
  Maybe it was the previous owner of your phone number? Or even worse, someone using your number as a fake filler for their own account?
This could be fun by SScorpio · 2018-02-15 05:51 · Score: 1

Am I reading that right. Sending a text to Facebook will show the post on their page?
It's pretty easy to spoof where an SMS came from. This could be fun.
Annoying but NOT surprising .... by King_TJ · 2018-02-15 07:20 · Score: 1

I, too, refused to ever provide FB with my phone number - even though it prompts regularly to add it.
I'm finding that increasingly, "free" services online that ask for your cell number DO use the info for marketing purposes.
For example? I know many people who noticed that right after they started playing that HQ Trivia game on their phones, they started receiving a lot of scam and solicitation calls on their number. I definitely did.