Facebook has restricted phone number searches on its mobile site after a security researcher was able to find Facebook users by searching random phone numbers.
Facebook says being able to look someone up by searching for their phone number on Facebook is a feature, not a bug.
"By default, your privacy settings allow everyone to find you with search and friend finder using the contact info you have provided, such as your email address and phone number," Facebook said in an emailed statement.
It says it keeps people from abusing the feature by restricting how many times they are permitted to search for phone numbers.
If Facebook did not restrict that, Facebook users could be at the mercy of marketers, pollsters, basically anyone, looking to match phone numbers with information from Facebook profiles.
The researcher in question said that the mobile version of Facebook did not have the same rate limits as the desktop version. Other security researchers said they verified that. But Facebook disputes that.
"Facebook has developed an extensive system for preventing the malicious usage of our search functionality and the scenario described by the researcher was indeed rate-limited and eventually blocked," the company said.
If you are concerned about people having access to your profile by searching for your phone number, there are two steps you can take.
First, go to the about section in your profile. Click on the button next to mobile phones and other phones and make sure that they are not set to "everyone." You can change the setting to "friends," "friends except acquaintances" or, the most restrictive, "only me."
Then, go to your privacy settings. Click on "how you connect." Then under "who can look you up using the email address or phone number you provided," select "friends" or "friends of friends."
Of course, if you really want to shield your phone number from Facebook, the only sure-fire way is to remove it from Facebook.
Los Angeles Times