In addition to a massive data breach, Facebook is in trouble for targeting ads using security information.
Facebook announced that its computer network has been breached, exposing the accounts and information of 50 million users, The New York Times reported on Friday.
While Facebook has fixed the vulnerability, millions of people have had their information exposed. Earlier this week, it was revealed that Facebook has been taking users' security information and making money off of it.
Facebook has been using the phone numbers its users provided to set up two-factor authentication for their accounts, to target more advertising towards them. The company did this without express permission from these users.
The tech giant admitted to this practice following a Gizmodo story on Wednesday. This means users looking to increase account security have unknowingly chipped away at their own privacy.
"We use the information people provide to offer a better, more personalized experience on Facebook, including ads. We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time," Facebook said in a statement to Tech Crunch.
Facebook announced earlier this year that it would allow users to set up two-factor authentication without using a phone number. Instead, users can rely on a third-party authentication app or even a physical key to back-up their passwords. If users had known how their authentication phone numbers were being used, they might have switched to these options.
But Facebook is no stranger to playing fast and loose with users' data, as the Cambridge Analytica scandal demonstrated in April, so some users might be keen to skip the social network altogether: