Facebook Apologizes For Heinous Two-Factor Authentication Spam And Offers A Fix

It is amazing what a little public shaming will do, especially in this day and age of social media. Not that we are advocating being an online bully or anything like that (please don't be). However, Facebook is making a change to the way it handles two-factor authentication on mobile devices after it was lambasted online for spamming users with unrelated notifications when enabling the added security precaution.

Let's start with the backstory. In a recent Twitter post, a Facebook user and software engineer named Gabriel Lewis complained that he was receiving notifications on his phone after enabling two-factor authentication. The notifications had nothing to do with security, and instead were links to posts of assumed interest by his Facebook friends. In essence, Facebook took advantage of enabling two-factor authentication by spamming his phone with notifications.

Even worse, any replies he made to the text messages were posted on his wall. For example, he texted "stop," "Pls stop," and "STOP" to try and get Facebook to stop sending him unrelated notifications. It didn't work, and each of those replies ended up on his wall.

Kate Conger, a writer at Gizmodo, said she experienced the same thing. Only in her case, she wrote in a reply, "Abusing a security tool like 2fa to spam users is a really sh***y shortsighted thing to do," which Facebook embarrassingly posted as a comment on a vacation photo that her boss posted two weeks prior. Her boss was understandably confused, putting Conger in the uncomfortable position of explaining why she cursed at one of his vacation pics. Not cool.

News of Facebook's bad behavior quickly spread, prompting an apology and an upcoming fix.

"It was not our intention to send non-security-related SMS notifications to these phone numbers, and I am sorry for any inconvenience these messages might have caused," said Alex Stamos, Facebook's chief security officer. "We are working to ensure that people who sign up for two-factor authentication won't receive non-security-related notifications from us unless they specifically choose to receive them, and the same will be true for those who signed up in the past. We expect to have the fixes in place in the coming days. To reiterate, this was not an intentional decision; this was a bug."

The apparent "bug" is that Facebook enables mobile notifications by default when turning on two-factor authentication. This should be an opt-in feature, not an opt-out one, and apparently Facebook is working to make it so. In the meantime, if this is something that affects you, go to Settings > Notifications to toggle them off.

Stamos also addressed the issue of why responses to notifications were being posted as status updates.

"For years, before the ubiquity of smartphones, we supported posting to Facebook via text message, but this feature is less useful these days. As a result, we are working to deprecate this functionality soon," Stamos said.

Sounds like a good plan to us.
