Facebook Is Spamming Users Via Their 2FA Phone Numbers

According to Mashable, Facebook account holder Gabriel Lewis tweeted that Facebook texted "spam" to the phone number he submitted for the purposes of 2-factor authentication. Lewis insists that he did not have mobile notifications turned on, and when he replied "stop" and "DO NOT TEXT ME," he says those messages showed up on his Facebook wall. From the report: Lewis explained his version of the story to Mashable via Twitter direct message. "[Recently] I decided to sign up for 2FA on all of my accounts including FaceBook, shortly afterwards they started sending me notifications from the same phone number. I never signed up for it and I don't even have the FB app on my phone." Lewis further explained that he can go "for months" without signing into Facebook, which suggests the possibility that Mark Zuckerberg's creation was feeling a little neglected and trying to get him back. According to Lewis, he signed up for 2FA on Dec. 17 and the alleged spamming began on Jan. 5. Importantly, Lewis isn't the only person who claims this happened to him. One Facebook user says he accidentally told "friends and family to go [to] hell" when he "replied to the spam."

Users misunderstood what Facebook's 2FA stood for

[JoeyRox]

It's short for We don't give "two fucks, asshole".

Duh

[DogDude]

What kind of idiot would give their phone number to Facebook? Seriously... who would do this? Facebook is a company that makes money from selling your personal information to anybody who'll pay them. What kind of person thinks that giving a company like this a phone number is a good idea?

Re:Duh

[lokedhs]

It's highly likely that they already have your phone number. Most Facebook users happily share their address book with them, and as long as any of them has your phone number, they will trivially link it to you.

Re:Duh

[MobyDisk]

Back in 2000, when the "i love you" trojan was harvesting people's address books, everyone was up in arms. Microsoft's reputation for security was damaged for a decade, IT managers had to start educating people about trojans and spear-phishing. Today, everyone expects that software harvests their personal information without asking and doesn't seem to care. How far we have fallen.

Re:Duh

[jcr]

Microsoft's reputation for security was damaged for a decade

I have to take exception to that. Microsoft never had any reputation for security in the first place.

-jcr

This is why [Re:If this is a shock to you.]

[XXongo]

Yes, this is EXACTLY why I never gave FB my phone number for TFA despite how many times they tell me how secure it will make me.

They already know it, of course-- they hoover up information from everywhere. But they can't officially admit that they know it.

Quit

[Moof123]

Seriously, if you barely sign on anyway, just quit.

Re:Quit

[Bender+Unit+22]

You can check out any time you want, but you can never leave.

The original user is an idiot

[Etcetera]

I can virtually guarantee that he was confused and enabled his mobile number as "the" mobile number on his Facebook account when setting up 2FA. (In fact, I'd be surprised if Facebook allowed a distinct 2FA number that hadn't already be validated as belonging to you to be set.)

As for why it showed up on his wall, maybe if he used Facebook more he'd realize that that's a feature. Send an SMS to the 5 digit SMS code and it will be interpreted as a FB Status update (unless it matches another string, like poking a user using a distinct notification number).

It's rarely used nowadays because a majority of folks probably use the app, but if you want to update via text message that's how you do it.

Ticket closed: PEBCAK (and stop whining)

More likely reasons for 2FA:

[VeryFluffyBunny]

Let's try to come up with more likely explanations as to why Facebook, Google, et al. want our phone numbers so badly:

• + If they have your phone number they can identify your phone and track you more accurately (They also buy this data from the telcos)
• + They can also tie your account to your bank account (that you use to pay your phone bill) and tie that to your data that they bought from credit card companies.
• + Erm... what more can we come up with?

Re:More likely reasons for 2FA:

[FormOfActionBanana]

Correlate you with all the prostitutes and drug dealers who saved your phone number on their phones.

You're probably getting tired of hearing it but..

[Narcocide]

I told you so.

Re:Users misunderstood what Facebook's 2FA stood f

[AHuxley]

The A is for ads.

trickery

[Tom]

Possible user errors aside, why would you ever willingly give your phone number or any other personal details not strictly necessary to a company in the business of selling your personal data ???

It should be obvious to an idiot that for FB, 2FA is just a welcome excuse to get you to give up your phone number, which of course they will immediately turn around and sell.

Honestly, you have to be stupid not to spot that.

Not so fast...

[chill]

(Logging in to repeat my anonymous post)

I received several SMS messages like this, from half-a-dozen numbers, a week or two ago. There were maybe 20 messages over a 1 hour period.

Here's the thing. I don't have a Facebook account. I did, once, about 10 years ago. I cancelled it after only about a month, and that was long before they implemented 2FA. And it was also long before I had my current phone number. This number has never been given to Facebook for anything, at least not by me.

I thought they were a scam of some sort, and just ended up blocking the numbers as spam in my messaging client (Signal).