It’s been a terrible year for Facebook’s reputation, having been dented by allegations of election manipulation in 2017. While the Cambridge Analytica revelations earlier this year, which supported those allegations, shook the world and the company, it’s been a constant stream of controversies surrounding the company’s many privacy missteps.

The latest one, believe it or not, is so bad, that it’s used largely by absolutely scummy  companies and apps simply looking to harvest daya. Facebook has been using its vast pool of mobile numbers submitted by users for two-factor authentication and allowing advertisers to target these numbers by adding them to their Facebook audience database.

So now not only does Facebook know what you like, whom you interact with, the brands you love and the ones you hate, your political affiliations, your location and photos for facial recognition, but also has the phone number to deliver all those targeted ads straight to your phone through various apps that may also have access to your number.

Gizmodo reported that Facebook has been using the 2fa mobile numbers for ad targeting. The publication worked with researchers in US universities who were studying how Facebook creates shadow accounts. The author wrote, “I was helping him (Mislove) test the theory by targeting him in a way Facebook had previously told me wouldn’t work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.” Mislove is one of the researchers studying Facebook’s data collection practices.

But getting a landline number can be cumbersome if you are talking about billions of users. What better way to get mobile numbers than asking users to hand you their mobile number under the guise of improved security. As the investigative story says once Facebook gets your mobile number, your number becomes targetable by advertisers within a few weeks.

Facebook pretty much confirmed Gizmodo’s story today. A Facebook spokesperson told Techcrunch, “We use the information people provide to offer a better, more personalized experience on Facebook, including ads. We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time.

If that token stock response is not indication enough that it’s time to get rid of Facebook forever, I don’t know what else it might take. Of course, one can argue that Facebook has plugged the hole now and that you can sign up for two-factor authentication even without a mobile number, thanks to authenticator apps – here’s how you can do that.

In fact Facebook admitted that it had a 2FA related bug which spammed users with SMSes, which could be related to this very same method that Gizmodo reported on.

Facebook is caught lying time and again, but everytime it gets away with its hands in the proverbial cookie jar, it boldly raids another one, and so the cycle continues. At this point, I am not even certain there’s anything good about Facebook, but #DeleteFacebook will fall on deaf ears, and people will continue to trust the company run by a CEO who once called those very users “dumb fucks”.