The problem here is that users cannot opt out of this feature and anyone with or without an account can look up user profiles just by using their phone numbers. "Facebook sets the phone number lookup setting to 'Everyone" by default.
Facebook recently asked users to add their phone numbers to their profiles as an extra security measure, but now users have realised their numbers are being used as a way to look up their profiles and target them with ads, and there's no way to turn it off, according to users.
Last year, Facebook was criticized for using phone numbers used in two-factor authentications to send targeted adverts.
You may well have opted to maintain an element of privacy by omitting personal information such as your address and phone number from your profile.
A tweet posted this weekend by Emojipedia founder Jeremy Burge revealed a worrying method for looking up specific profiles that most users are unaware of: the phone number you provided for two-factor authentication. Two-factor authentication is an important security feature, and past year we added the option to set it up for your account without registering a phone number.
And if you're not regularly keeping up to date with these features - say, through technology news outlets like us - it's frighteningly hard to address privacy issues you aren't even aware of. "I can no longer keep private the phone number that I provided only for security to Facebook", security expert and writer, Zeynep Tufekci, wrote on Twitter.
Burge compared the use of phone numbers by Facebook to having a unique ID that links your identity across every platform on the internet.
More troubling to critics like Burge is Facebook's penchant for sharing consumer data between its properties, including Instagram, WhatsApp and its flagship platform. Facebook didn't state whether it plans to change the controversial practice in the future. And it's impossible to disable the feature if you added your number - only limit it to your immediate friend circle. Facebook is now caught up in another privacy issue.
Alex Stamos the chief security officer at Facebook also practiced in one of the tweets, and said: "Facebook can't credibly require two-factor for high-risk accounts without segmenting that from search and ads".
"Although two-factor authentication is a necessity for individuals in order to help protect their accounts from being hacked, allowing phone numbers to be searched on one of the world's largest social databases may not be the best idea", he added.