Facebook’s receding growth rate is a matter of concern for the company, and it looks like there will be some desperate measures to gain its users back. Software engineer Gabriel Lewis recently discovered Facebook’s crooked behavior of spamming those users who had registered their mobile numbers for two-factor authentication.

Lewis noted that in spite of not giving any permission for text alerts, he was receiving notifications via SMS, with no apparent way to opt out of them. Now, with the enormous amount of interactions that we partake in, having your phone buzzed every now and then can be annoying – especially if you already have app notifications turned on.

But it doesn’t end there – when Lewis tried to shut off these messages by replying with standard keywords like “STOP”, they were instead posted on his timeline without any obvious alert. On top of that, Lewis continued to receive those messages. This, as The Verge confirms, happens every time you reply to any SMS from Facebook – which is not just weird but creepy too.

Users on Twitter were quick to bring down their wrath on Facebook and the fire caught more fuel when noted sociologist and technology commentator Zeynep Tufekci joined the chiding and alleged that Facebook is blindly chasing metrics, warning that this growth “mindset” is harmful for social media users and ultimately the network itself.

This incident might also have legal implications as it violates the Telephone Consumer Protection Act (TCPA) which prohibits companies from sending unsolicited spam SMSes without explicit permission. The company is already facing certain class-action suits over reminding users about birthdays or other spam texts, even when the users had not opted for such alerts.

Facebook, which started the year with promises of giving its users complete control over their privacy already seems to be falling flat on its face. In response to The Verge, Facebook said that it is investigating the matter of uninvited notifications but did not speak about the auto-posting issue. The company urged that user can use a U2F key instead of their mobile numbers to register for the two-factor authentication. While it might seem like a bug at the first sight, many users have also alleged that Facebook is violating rules on purpose to fill up the gap created by young Americans moving away from the social network.