The Facebook odyssey continues this week, this time getting back to one of the core issues at hand – privacy. The most consistent issue on hand has been data sharing, which opens up personal information for Facebook to share with corporate entities. This issue seems to have taken a step further now with a recent revelation about Facebook two-factor authentication.

Throughout 2018, Facebook kept messaging users to turn on two-factor authentication by using their phone number. It then came out that, along with the data sharing, Facebook was using those phone numbers to send users ads. However, it has now been found that Facebook’s default settings allow almost anyone to find a profile by searching the same authentication phone number. To make it worse, there’s no way to opt-out of the feature, according to TechCrunch.

This was brought to light by Twitter user Jeremy Burge who criticized Facebook and its use of people’s phone numbers. He said in one tweet, “For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that.”

“Hiding” a phone number also won’t completely disable the search capability. It can be set to “everyone,” “friends of friends,” or “friends,” but it cannot be completely turned off. The only way to get around this is by setting up a two-factor without a phone number, only available if someone hadn’t already set up the feature.