FACEBOOK HAS SAID it didn't intentionally spam users of its two-factor authentication (2FA) service and blamed a 'bug' for the non-security-related SMS notifications.
Facebook implemented 2FA a few months ago, but last week it was revealed that the firm isn't just using the tool to offer users a more secure way to log into their account.
According to US software engineer Gabriel Lewis, Facebook is using his phone number, which he used to sign up to 2FA, to notify him about friends' posts on the social network.
"So I signed up for two-factor authentication on Facebook and they used it as an opportunity to spam me notifications," he wrote on Twitter.
Oh, and that isn't the worst bit, as the real problems begin if you decide to reply to the message. Should you reply with something along the lines of "do not text me", or "f*ck off, Facebook", this will automatically be posted to your Facebook profile.
And, ironically, this does not opt you out from receiving future SMS notifications from the company.
"To everyone telling me to opt out of mobile notifications, I never opted in," Lewis added.
Writing on Twitter, technology critic Zeynep Tufekci slammed Facebook's behaviour: "This is horrible. You give Facebook your phone number for login authentication.
"Instead, it abuses it to SMS spam to drive up engagement, and when you reply to spam, is posts it on your wall".
Alex Stamos, Facebook's chief security officer, has since explained in a blog post that it was not Facebook's intention to spam messages to 2FA phone numbers and apologised for the inconvenience caused to users.
"The last thing we want is for people to avoid helpful security features because they fear they will receive unrelated notifications," he said.
"We are working to ensure that people who sign up for two-factor authentication won't receive non-security-related notifications from us unless they specifically choose to receive them, and the same will be true for those who signed up in the past. We expect to have the fixes in place in the coming days." µ
Thanks to a hard-coded Nvidia Tegra X1 flaw
Time's up. Me too. Not him
Redmond says 'the fix is more complex than initially anticipated'
And, yep, they're really expensive