The issue, which may have persisted for months or perhaps even longer, was flagged by Bay Area software engineer Gabriel Lewi, who tweeted about it earlier this week. Prominent technology critic and sociologist Zeynep Tufekci then used the situation as a springboard to criticize Facebook’s alleged unethical behavior, thinking the 2FA notifications may have been an intentional method for Facebook to boost user engagement.

“I am sorry for any inconvenience these messages might have caused. We are working to ensure that people who sign up for two-factor authentication won’t receive non-security-related notifications from us unless they specifically choose to receive them, and the same will be true for those who signed up in the past,” Stamos writes in the blog post. “We expect to have the fixes in place in the coming days. To reiterate, this was not an intentional decision; this was a bug.”

Source: Facebook admits SMS notifications sent using two-factor number was caused by bug – The Verge

A bit worrying when your two factor security system starts acting up on its own and sending messages randomly.