[fastcompany.com...]

For years Facebook has been pestering its users to secure their account with two-factor authentication (2FA) by prompting them to enter their phone number so they could get a text with a security code login when logging into their account from a new device for the first time.

On the surface, Facebook prompting people to enable 2FA was a good thing–if you have 2FA enabled it’s much harder for someone who isn’t you to log in to your account. But this being Facebook, they’re not just going to do something that is only good for the user, are they?

Last year it came to light that Facebook was using the phone numbers people submitted to the company solely so they could protect their accounts with 2FA for targeted advertising. And now, as security researcher and New York Times columnist Zeynep Tufekci pointed out, Facebook is allowing anyone to look up a user by their phone number, the same phone number that was supposed to be for security purposes only.

Emphasis mine. Bottom line: You didn't authorize this use of your personal numbers and you can't opt out(short of deleting the account anyway). It's a problem.