Your phone number may not be as private on Facebook as you think – and how to fix it

Graham Cluley
Graham Cluley
@[email protected]

Your phone number may not be as private on Facebook as you think - and how to fix it

If you use Facebook, your phone number may not be as private as you think.

A way in which Facebook privacy can be abused has come to light that will shock many users, but that the social network itself seems to consider a deliberate feature.

If you enter someone’s phone number into the search box on Facebook, the site can perform a reverse look-up and tell you who the phone number belongs to.

Sign up to our free newsletter.
Security news, advice, and tips.

Reverse look-up of a phone number on FacebookYou can see in the screenshot how I entered the mobile phone number of someone I am not Facebook friends with, and instantly was offered their name, photograph and a link to their profile.

When I spoke to the Facebook user in question, she was shocked and surprised that I had been able to find her profile simply by entering her mobile phone number.

She confirmed that her privacy settings were correctly locked down to such an extent that her phone number should only be accessible to her.

Think this Facebook privacy setting protects your phone number?  Think again

In her opinion, a privacy setting that says “Only me” attached to her phone number meant it shouldn’t be shared with any of her Facebook friends – and certainly should not accessible by me, as I’m not even one of her online friends.

And yet, if I entered her phone number into Facebook it would instantly tell me that she owned the number.

Is this a problem? Well, yes. I think it is.

Imagine, for instance, if a company knew the telephone numbers of people calling it – they would now be able to determine your name too, and possibly use it for more aggressive marketing.

Phone number on a napkin. Image from ShutterstockOr picture meeting someone at a party and giving them your phone number – and not realising that you were also potentially sharing your full name and other contact information.

You can probably dream up other privacy concerns of your own about this Facebook “feature”.

It should be your choice as to whether your phone number is connected with your Facebook profile, and whether someone can use one to find the other.

Even if you altered your privacy settings to ensure that your phone number is only visible to you, other people can still use it to look you up.

How to make your phone number more private on Facebook

The solution is to enter another section of Facebook’s privacy settings called “How you connect”.

Are you allowing anyone to search for you on Facebook via your phone number?

You will find the default Facebook chooses for “Who can look you up using the email address or phone number you provided?” is “Everybody”.

Once again, Facebook chose the least private default for your information.

To have tighter control over your phone number, and limit those who can perform a reverse look-up against your number, you will need to change that setting to “Friend of friends” or “Friends only”.

Of course, this will also mean that the same privacy settings apply to the email address you use on Facebook.

Facebook wants your mobile phone number

Facebook is becoming more and more aggressive in its pursuit of users’ phone numbers.

Remember, Facebook has been wanting your mobile phone number for some time and hasn’t been above using scare tactics to get you to hand it over.

Many users are forced to enter a mobile number for authentication when they create an account, or to be used as a security check if suspicious activity is detected.

Facebook encourages users to enter mobile phone numbers

My advice is always to be careful what phone numbers you share with websites.

There may be a case for keeping an old phone in a drawer, with a pay-as-you-go SIM. That throwaway number can be used for websites that demand a phone contact, but you don’t feel they really need it. Keep your real, regular phone number closer to your chest – and only share it with websites which you believe have a genuine requirement for it.

Phone number on a napkin image from Shutterstock.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.