Ian Knighton/CNET

Facebook will stop the practice of using phone numbers meant for two-factor authentication to suggest friends you may know. The move is part of the company's efforts to clean up its privacy practices. Reuters reported the change on Thursday, which Facebook confirmed. Earlier this year, it was revealed that Facebook was using two-factor authentication data like phone numbers and email addresses for targeted advertising, too.

Facebook stopped using phone numbers for advertising as of June and will now stop using the information to suggest people you may know, Reuters said. According to the report, it's part of Facebook's privacy settlement with the Federal Trade Commission, which cost the social media giant a record $5 billion.

"Based on feedback from the privacy and security communities, we have started updating our two-factor authentication feature so that phone numbers people add here won't be used to suggest friends," a spokesperson told CNET in a statement.

Now playing: Watch this: Don't let Facebook use your location to find friends

It's part of a larger shift Facebook has made since it came to light in 2018 that the Cambridge Analytica political consultancy improperly accessed the information of 87 million Facebook users. In addition to its settlement with the FTC, which dealt with privacy problems beyond the Cambridge Analytica scandal, Facebook has had to comply with new privacy laws around the globe. That includes the General Data Protection Regulation in the European Union, and the California Consumer Privacy Act, a comprehensive privacy law in California that comes into effect Jan. 1, 2020.

The overhaul of the use of personal two-factor authentication data will start in Pakistan, Ecuador, Libya, Ethiopia and Cambodia this week, Reuters reported, before being expanded globally in 2020.

Earlier Thursday, it was also revealed that over 267 million Facebook user IDs, phone numbers and names were exposed online. Security researcher Bob Diachenko discovered the user data on Dec. 14. The personal information was available in a database that anyone with the right web address could access.

Originally published Dec. 19, 12:18 p.m. PT.

Updates, 1:32 p.m.: Adds comment and confirmation from Facebook; 2:17 p.m.: Includes background on legal changes affecting Facebook's privacy practices.