As TechCrunch reports, a tweet by Jeremy Burge on Friday raised alarm bells as it revealed Facebook won't allow users to opt-out of having their phone number used to look them up. It can be restricted to "Friends of friends" or just "Friends," but the option defaults to "Everyone." Even if you have no phone number listed on your user profile, a number used for two-factor authentication (2FA) will be associated and used for a look up search if it is available.
Facebook allows users to add phone numbers to their profile, but also encourages the use of a phone number for 2FA on their accounts. Last year, it was discovered that the social network was allowing advertisers to target users by uploading information which Facebook could match against a phone number. This included numbers provided purely to allow 2FA to work.
Now it seems, the use of phone numbers is being extended to help others find you on the network and Facebook won't allow you to stop it happening. Burge goes on to point out in a later tweet that the 2FA phone number is also shared with Instagram and triggers a prompt asking "is this your phone number?" when you first add it to Facebook.
Facebook responded to TechCrunch with regards to the look up setting, with spokesperson Jay Nancarrow stating, "the setting applies to any phone numbers you added to your profile and isn't specific to any feature" and that the settings, "are not new." Facebook also acknowledged the concern by stating, "We appreciate the feedback we've received about these settings and will take it into account."
If you have a Facebook account with any phone number listed, be that for 2FA or otherwise, the only thing you can do to restrict its use for look ups is to change the setting from "Everyone" to just "Friends." You can find the option in Settings under Privacy.