by transcriptase 1326 days ago
So Meta engineers saw all those headlines about Twitter misusing 2FA phone numbers and instead of making sure it didn’t happen to them, kept them available to employees to “accidentally” use as well.

Oopsie daisy! Tee hee, it was an honest mistake because ${team} didn’t know they weren’t supposed to!

2 comments

Well no nice rhetoric but there are privacy reviews at Meta now to prevent these things. OP should collect evidence for why they think it was Meta and report it. Then it can be investigated properly and dealt with if true.

I’m skeptical that it was Meta, given the zero evidence provided here. Unless the OP just pays for a phone number that is only used for Meta 2FA.. but that is a lot of money to have a phone number per a 2FA.

Nice rhetoric yourself. I am sure big mega corp has nice checks in place to try and prevent these things, but no system is perfect, nor exhaustive. That's the problem when you are a data sink as a business, your #1 incentive is to keep the data flowing in.

You would think that when you hand someone your telephone number and they promise to secure it or only use it for a specific purpose, the onus is on them to prove they didn't misuse it.

> You would think that when you hand someone your telephone number and they promise to secure it or only use it for a specific purpose, the onus is on them to prove they didn't misuse it.

How could this be acceptably proven, in your opinion, if at all? "This information has never been misused" is the null hypothesis; it can never be proven for certain, from the moment the information is out of your direct control.

Proving it is another issue altogether. Raising a reasonable concern that it was misused or mishandled triggers the process. And the process will uncover the facts of the matter. For telephone numbers, the laws and regulations are pretty well written.

Engineers don’t make decisions like that. Engineers got told to do it.