A new system that will allow users to choose how they can be looked up will be implemented

Oct 16, 2012 07:31 GMT

Facebook has implemented a system which prevents users from searching for their friends based on the phone numbers they have provided for the two-factor authentication process.

Security researcher Suriya Prakash found that the names and phone numbers of Facebook customers could have been easily harvested because of a faulty privacy setting and because the company failed to limit the rate at which numbers could be searched.

After the story broke, Facebook limited the search rate to prevent misuse of the search function.

Now the company has gone even further. It has made sure that only the phone numbers members provide in the Contact Info section can be searched, Computerworld reports.

The ones provided by customers as part of the two-factor authentication system will remain hidden, at least for now.

Facebook plans to integrate a new system that will allow customers to choose if they want the information to be available in searches or not.

The details of the system they’re working on have not been made available, but experts hope that two separate entries will be implemented: one for the two-factor authentication number and one for the profile contact number.

“If Facebook treats 2FA and contact numbers separately, it'll be up to you whether you put the same number in both places,” said Paul Ducklin, Sophos's head of technology, Asia Pacific.

“But you ought to be able to specify one number for your security codes that will be part of your login security configuration, and another number for your voice calls that will form part of your public profile. And, while Facebook is coding the GUI, it might as well warn you (and require you to opt in) before it lets you set the same number for both,” he added.