Facebook seems to have a tough time these days. Facebook’s two-factor authentication system seems to be the current target. Two Factor Authentication(2FA) is considered to provide an added layer of security when you log in to your Facebook Account, however, is said to post auto-replies on users Facebook profiles without their consent. As noticed by Gabriel Lewis the Bay Area software engineer at Facebook, the number that he used for 2FA, was the same number that Facebook used for notifying him about the friends’ posts.
It was noticed that when replying to these messages with messages like Don’t text me or Please stop, it ended up posting them on your Facebook profile page.
It has been confirmed that users who use 2FA have been spammed by Twitter and Facebook. Both the Social Media Platforms have used users phone number to send spam notifications. Lewis also confirmed that he never opted for mobile notifications.
In a tweet by Zeynep Tufekci, a technology critic and sociologist he criticized Facebook’s illegitimate ways of gaining user engagement.
It’s not the first time that Facebook has been spamming its users by sending messages. Earlier too, it was reported that Facebook used to send birthday reminders to its users even when they never opted for text message notifications. According to Telephone Consumer Protection Act, or TCPA, no company has the right to use users contact number to contact them via notification or text messages unless opted for. Owing to all these unauthorized activates, Facebook faced much of legal complications.
Till now it is not confirmed whether the recent deeds are a bug or it has been done deliberately by Facebook. If the latter is true and Facebook is using the 2FA to trap users, Facebook is going to face a lot number of lawsuits.
It is still not confirmed by the company whether the auto notifications were a bug or it was done intentionally. Currently, Facebook says it is considering the matter and also that users who wish to use the Facebook Two-Factor Authentication can choose for the 6-digit code instead of providing their mobile numbers.