Facebook is using phone number entered during two-factor authentication to target ads and allowing anyone to look up user profiles. Facebook allows anyone to look up user profiles using the phone number entered for the 2FA. Facebook's privacy setting doesn't have any feature to completely hide phone numbers. Facebook claimed the adding a phone number for 2FA was only for security.
In his tweet, he highlights that Facebook's privacy setting doesn't have any feature to completely hide phone numbers. Facebook allows you to hide your date of birth from everyone even from your friends if you select the "only me" option. But for phone numbers, under the "who can look you up using the phone number you provided", Facebook sets the search to "everyone" by default. You have to show your phone number to either "friends of friends" or "friends." There is no "only me" or "no one" option to hide the phone number.
You get two things from here- first, your number will continue to show to everyone if you do not change Facebook's default setting. Second, you cannot hide your phone number as you don't have the "only me" option here.
"For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that," Burge said in his tweet. He also said that Facebook shares the 2FA number with Instagram which automatically prompts a message to confirm your phone number when you link your Instagram to Facebook.