With data breaches on the rise, it makes sense that you'd want to take extra steps to secure your online accounts -- especially for those sites and apps you use every day, like Facebook.

For an extra layer of security,  Facebook has long pestered users to set up two-factor authentication. This requires your phone number. If Facebook recognizes you're logging in from a new device, the company will text you a code to verify your account.

Yet Facebook wasn't exactly transparent about how else it might use those phone numbers.

Not just for security purposes

It turns out that Facebook started using 2FA phone numbers to let anyone look them up, TechCrunch reports. While you can hide your contact info on your Facebook profile, there are other ways people could look you up on Facebook. One such way is if someone were to upload their contacts to Facebook from their phone.

By default, phone number lookup is set to "Everyone." This means that you need not even be Facebook friends with someone for them to look you up via phone number.

When providing your phone number for security purposes, you'd expect your phone number wouldn't be used for anything else. That turned out to not be the case. Once again, Facebook has done something slimy with user data.

Phone number lookup can't be turned off

In a tweetstorm, Emojipedia founder Jeremy Burge called out Facebook for this shady practice. "For years Facebook claimed the adding a phone number for 2FA was only for security," he wrote. "Now it can be searched and there's no way to disable that."

This Facebook Help article walks you through how you can control who's able to look you up using your phone number.

  1. Go to your Settings

  2. Go to the Privacy section

  3. Go to How People Find and Contact You

  4. Go to Who Can Look You Up Using the Phone Number You Provided?

  5. Select Friends (The default will likely be set to Everyone)

You can restrict this feature to only your Facebook friends, but unfortunately you cannot turn it off completely.