Facebook has allegedly been using its two-factor authentication system to cajole users to log back in to the social networking platform.
The social media giant implemented a new authentication mechanism a few months ago, but a number of users have complained that Facebook isn't using 2FA solely for security.
According to US software engineer Gabriel Lewis, two of Facebook's authentication mechanisms use the same phone number, despite claiming to put data privacy first.
I signed up for two factor authentication on Facebook and they used it as an opportunity to spam me notifications
He believes that Facebook is using 2FA to send account holders SMS notifications about posts from friends without them even signing up.
"So I signed up for two factor authentication on Facebook and they used it as an opportunity to spam me notifications. Then they posted my replies on my wall," he wrote on Twitter.
The problems begin to start if you reply to the message. Should you say something like "do not text me", this will be posted onto your Facebook profile automatically.
And, ironically, this does not opt you out from receiving SMS notifications from the company.
The odd thing is that Lewis claims he never signed up to receive text message notifications anyway. "To everyone telling me to opt out of mobile notifications, I never opted in," he confirmed.
You give Facebook your phone number for login authentication. Instead, it abuses it to SMS spam to drive up engagement
The Verge responded to these claims by conducting some tests, and it also found that Facebook posts 2FA text messages onto users' profiles.
Writing on Twitter, technology critic Zeynep Tufekci slammed Facebook's behaviour: "This is horrible. You give Facebook your phone number for login authentication.
"Instead, it abuses it to SMS spam to drive up engagement, and when you reply to spam, is posts it on your wall".
Millions of users, particularly in the US, have abandoned the website as a result of privacy, spam and security problems - although its decline in mature markets has been masked by continuing growth in developing markets.
One user said: "I stopped using Facebook months ago for a wide variety of reasons. I'll never go back".
In response to questioning from The Verge, Facebook burbled: "We give people control over their notifications, including those that relate to security features like two-factor authentication.
"We're looking into this situation to see if there's more we can do to help people manage their communications.
"Also, people who sign up for two-factor authentication using a U2F security key and code generator do not need to register a phone number with Facebook."
In fear of future shortage - or in preparation for its own electric car project?
New Spectre microcode patches released by Intel to fix security flaws in Skylake, Kaby Lake and Coffee Lake CPUs
But if you're running anything older you'll have to wait
Powered by servers based on Qualcomm's scalable 48-core Centriq 2400 10nm CPUs
Malware has been in circulation for more than a year