Facebook Chief Security Officer Alex Stamos explained that the website didn't intentionally spam people who signed up for two-factor using their phone numbers. After all, Facebook doesn't want to deter people from signing up for 2FA. "[T]he last thing we want is for people to avoid helpful security features because they fear they will receive unrelated notifications," he said.

The exec has also revealed that responses to the notifications got posted as status updates due to an old feature that allowed posting via text message. Obviously, that's no longer as useful in a world where WiFi hotspots and mobile data are becoming more and more common. That's why Facebook is now working to deprecate that feature, so those sick of getting random notifications can rage-reply to them without having to worry that their friends would witness their meltdown.

Until Facebook rolls out a fix, those affected by the bug can go to Settings > Notifications to switch off text notifications. (That's what I did when I started getting these messages some months ago.) Those who'd rather not risk the same thing happening in the future can choose to use a physical key or one of those code-generating apps instead of giving their phone numbers to the social network.