Facebook admits that two-factor authentication flaw was caused by a bug

Facebook has once again been dragged into the firing line – but this time it isn’t the dreaded News Feed at fault, but rather the platform’s two-factor authentication (2FA) system. 

Facebook user Gabriel Lewis took to Twitter earlier this week to vent his frustration that the network was using the mobile number he provided for two-factor authentication to serve tailored SMS notifications without his consent.

There doesn’t appear to be a way to opt out of the notifications, either. Lewis never registered to receive them in the first place, so flicking the toggle didn’t work, and replying to the message automatically posted the response to his profile.

Facebook is embroiled in a number of class-action lawsuits over violations of the Telephone Consumer Protection Act, which – as noted by The Verge – states that a company is prohibited from contacting you without first being granted permission.

If the firm is found to have developed the SMS feature as a way to drive engagement, it could be on the receiving end of a slew of additional lawsuits. As it stands, however, Big F is playing the hoo-ha off as a bug that it’s looking into.

“I am sorry for any inconvenience these messages might have caused,” wrote Facebook’s Chief Security Officer – and former Chief Information Security Officer at Yahoo! – Alex Stamos in a blog post published on Saturday, February 17.

“We are working to ensure that people who sign up for two-factor authentication won’t receive non-security-related notifications from us unless they choose to receive them, and the same will be true for those who signed up in the past.”

“We expect to have the fixes in place in the coming days. To reiterate, this was not an intentional decision; this was a bug.”
