I received multiple calls this morning on my personal cell that's used for 2FA for my personal FB account. All of them, they were pitching me ads to buy for my business accounts.
None of my business accounts have my personal cell on them.
Edit: Now my personal email connected is getting emails to purchase business ads...
I would suggest sending a demand letter to Meta's legal department offering to settle for somewhat less than $1500 per violation. Here's an example: https://www.junkfax.org/w/images/0/0b/SampleDemandLetter.pdf
If they ignore you, be prepared to file a local case in small claims court (which you can do yourself without an attorney). The court can force them to pay you if you present evidence of the calls and the law(s) or regulations that were broken.
Disclaimer: I am not a laywer and this is not legal advice, but I have collected money from TCPA legal settlements in the past, each without needing to go to court.
But does this apply when using personal account data? Does the business account agreement override the use of PII on a personal account to initiate business solicitations?
Definitely something to talk to a lawyer about.
> Each party will be responsible for paying any AAA filing, administrative and arbitrator fees in accordance with AAA Rules, except that we will pay for your filing, administrative, and arbitrator fees if your Commercial Claim for damages does not exceed $75,000 and is non-frivolous (as measured by the standards set forth in Federal Rule of Civil Procedure 11(b))
If it were me, I'd still send the demand letter and see how it plays out.
[1] https://www.dnc.com/news/compelled-arbitration-tcpa-defense-...
Also not a lawyer.
There indeed used to be an exemption to the law involving an existing business relationship, but 1) this was only for residential land lines and never applied to cell phones, and 2) it was revoked on October 16, 2013. [1]
[1] https://tcpablog.com/new-tcpa-regulations-take-effect-on-oct...
It sounds like his personal contact details are entirely separate from his business ones. I don't believe they should ever be using personal details to contact a business.
Even if he did provide them his phone number. In many places, that data may only be used for the purpose for which it was given. If they request a phone number for 2FA and then use it to contact you it could absolutely be considered illegal.
How is it not?
Some people get away with it though, like people with doctorates calling themselves Doctor on TV and giving out personal, relationship and medical advice while somehow managing not to be sued back to the Stone Age.
Edit: Am I wrong? Tell me why.
Never cross the streams on unrelated accounts.
You're absolutely sure, 100%, this is Meta employees themselves calling you? And Meta sending you e-mails?
Not spammers, of which there are many, and they get your contact info from all sorts of places? And which often lead you to believe they're Meta when they're really just scamming you or trying to sell ad placement consulting/optimization services?
Because with "multiple" calls and emails... this sounds like 3rd-party spammers, not something Meta does. And while Meta has been loose in the past with walling off information internally (to put it mildly...), it's not like they sell your contact info to spammers or anything (simply because it's not worth the effort, the money's way too small for a company of their size). Third-party spammers, on the other hand, will get your personal info from anywhere and everywhere.
For you to make a credible claim that Meta is using your 2FA contact info for marketing, you've really got to be sure that it's 1) actually Meta contacting you and 2) that they got your phone number specifically from 2FA and not just from looking it up publicly the way salespeople do.
Meta recruiting somehow got a hold of my name@amazon.com employer email -- which I have never posted publicly -- and started sending me recruitment emails to my work email. This struck me as incredibly unprofessional, though I understand it's almost certainly an automated system doing it.
I still don't know how they got the email address (though I guess it's just lastname+first initial, so they could have guessed?). I may have DM'd it to someone in a FB messenger chat? Maybe I used it in an "work email" field during sign up for some industry conference whose data later got hacked? A colleague accidentally merged their work/personal contact list and uploaded it somewhere? Who knows.
Yes. It's called Facebook Messenger. All your friends have it installed on their phone and it has access to all the data in their phone's contact list, including anyone who might have saved it in the email field of their contact entry for you.
Right? Isn't this the oldest criticism of Facebook Messenger?
How does "automated system" somehow mitigate it being unprofessional? If you're going to make an automated system, part of professionalism is to make sure it actually works correctly. But then, look at how many people are hiding behind 'it's an algorithm so we can't be held accountable' these days.
some bdr signed into an account, gave up an email address book, and that information was given to these companies who do "give me a name and a company, and i'll give you their email" services.
I suspect the biggest problem with that is not languages and frameworks, which are definitely going to be a problem, but databases. There is no way to map any of this into columns in any database I know about, and I don't know whether databases or operating systems evolve more slowly but they're both bottom quartile for sure. If you build provenance into or onto a prominent databases, we could have multiple frameworks and toolchains within a couple of years.
If you squint a little, Rails has a 1-bit provenance facility, in the form of "have I escaped this string for display in HTML yet?" That is one of a number of aspects that make up "where did you get this?". Rails also has a bespoke system that won't log anything stored in a field called 'password', but it would be better if we could tag tokens, passwords, and private communications as privileged information, and carry that around even if someone does something questionably like interpolates a password into an error message, and then someone else prints that error where it can be seen.
Things get a little tricky with interpolation, because now I need some sort of cardinality to say that the union of data of Type X and Type Y results in data of Type Y, or better Type X,Y which we treat more conservatively because of strict rules on Type Y data.
When I was in college I was briefly recruited by a company that made a Unix Window Manager for the Defense and Intelligence communities. The elevator pitch had a sort of simpler version of this idea. You had a different desktop for each security level, and the clipboard only worked from low security to high security windows. You could paste information from a window showing generally available information into a classified document, but you could not paste from a classified window back into an unclassified document. Yes that meant you couldn't paste a quote from a Presidential Speech out of a classified document, but you also couldn't accidentally select the next three lines of text and past those someplace bad.
Secureware?
- firstname@company.email
- firstnamelastname@company.email
- firstname-lastname@company.email
- firstname.lastname@company.email
from the recruitment side, cause I have asked this question to my company's HR... :P
hackers do it as well hence why I am always stressed about phishing, though recruitment mail on professional ids is still rather rare, recruiters also prefer to use personal email if available or so I have heard from a subset of them.
Try checking if it maybe some kind of phishing scam, I have seen those a lot, recruitment phishing is like the most common case of successful phishing.
They have my personal email, because they send recruitment spam to that one too.
Oopsie daisy! Tee hee, it was an honest mistake because ${team} didn’t know they weren’t supposed to!
I’m skeptical that it was Meta, given the zero evidence provided here. Unless the OP just pays for a phone number that is only used for Meta 2FA.. but that is a lot of money to have a phone number per a 2FA.
You would think that when you hand someone your telephone number and they promise to secure it or only use it for a specific purpose, the onus is on them to prove they didn't misuse it.
Individuals at Facebook know the law, and may even have individual incentives to follow the law. Facebook as an emergent entity, as an inhuman eldritch being built upon humans as component parts, cares nothing for the law.
As someone who works for Meta and and sees all the privacy trainings and the hoops you have to jump through to do anything with user data anymore at this company, someone is definitely getting fired for this if it was indeed Meta's fault and intentional.
We spend >$10m on ads annually on FB, yet haven't had a dedicated account rep since 2019.
Instead, they farm out "account marketing specialists" who pitch you on giving up more control to FB algo and generally have significantly less insight and experience with FB ads than the people they are calling.
One week last summer, I received 8 calls in a single day from different FB marking reps. I think they had some kind of call queue system based on the number of ad accounts, instead of on "Business manager" accounts, but it took a lot of firmly saying "Remove me from this list" and accusing them of phishing to get it to stop.
I just assumed I gave my cell to FB at some point, never thought of 2FA.
Services that require a phone number like twitter, discord, blizzard, signal, twitch, etc are giving you a heads up that they're abusive and will work against your interests. Stay far away.
Even government portals are copying the tactic. (I didn't agree to a draconian ToS recently for an online fee filing, and it took months and hours on the phone just to make a simple VISA payment).
https://techcrunch.com/2018/09/27/yes-facebook-is-using-your...
So it may well be that they have bad news and are under pressure to say that they are trying to improve revenue.
Use a "2FA Mule" that is only for that purpose:
https://kozubik.com/items/2famule/
I have the ringers silenced on mine so I wouldn't know if they got any spam calls ... and I assume they do ...
Twilio numbers are a dollar a month and will also forward to email or you can log into the twilio web interface to pick up sms codes if needed. Rejected by more places the demand 2FA
...
"Twilio numbers are a dollar a month ..."
I wanted very much to keep my telephony within twilio and maximize the mini-telco that I built for myself there ... however almost zero 2FA requirements can be fulfilled with "voip" numbers that are not honest-to-god mobile tagged phone numbers.
That's the whole point of the 2FA Mule, etc.
How do you even know it is Meta? Anybody can get your phone #, and it is super easy to get spam.
EDIT: and by "shitty" I mean my bank among many other equally important service providers.
