Facebook said to use people's phone numbers for ad targeting

Millions affected by Facebook security breach

Facebook is reportedly using phone numbers provided by its users to make their accounts more secure as a way to sell ads. 

The social-media giant is using phone numbers provided in two-factor authentication, or the security measure when services ask consumers to provide two pieces of data to verify their identity. Often, this is a code texted to the user on their mobile phone. But Facebook is reportedly using those numbers to better target consumers with ads, according to TechCrunch. 

Facebook didn't immediately return a request for comment. The company also on Friday revealed a security breach in which 50 million user accounts were accessed by hackers exploiting a bug that affected its popular "View As" feature and another 40 million accounts were at risk of hacking before Facebook intervened to stop it.   

Facebook has grown to a $480 billion company based on its advertising prowess. Because its 2 billion users share their data with the service, it sells advertisers the ability to micro-target consumers, like reaching all Boston-area men in their 20s who like bicycling. 

The company may also rely on information that consumers may not be aware is being tapped to sell ads, such as security phone numbers and  "shadow information" gleaned about you from friends' accounts, Gizmodo reports. Alan Mislove of Northeastern University and other researchers discovered that numbers provided to Facebook in two-factor authentication became targeted by advertisers within a matter of weeks, Gizmodo noted. 

The service is also reportedly selling ads based on so-called "shadow information," or data it collects on users by scraping information from their friends' accounts.

"I think that many users don't fully understand how ad targeting works today: that advertisers can literally specify exactly which users should see their ads by uploading the users' email addresses, phone numbers, names+dates of birth, etc," Mislove told Gizmodo. 

The reports raise more questions about Facebook's use of consumer data and privacy protections, which came to a head earlier this year when a whistleblower disclosed that political consulting firm Cambridge Analytica had gained unauthorized access to data from millions of Facebook accounts. 

Consumers can authenticate their Facebook accounts without providing their phone numbers if they rely on third-party authentication apps.