The old saying “when someone shows you who they really are, believe them” are words to live by, especially in this digital age of capturing unseemly behavior on camera. While it’s typically attributed to individuals, it can apply to businesses and corporations, specifically the social media giant, Facebook.

Kashmir Hill at Gizmodo reported that Facebook has been giving advertisers access to user’s phone numbers and contact lists, of which Facebook confirmed. According to Facebook, this will benefit the user so that they have a more “personalized” Facebook experience. However, the infamous Cambridge Analytica scandal proved this is certainly not the case.

Hill says that Facebook has what she calls “shadow contact information” and that is any information collected about a user from other people’s contact books – an apparent hidden layer of details on Facebook. Keep in mind, this is more information about the user on top of what they have already handed over for security purposes. Hill gives the use of the two-factor authentication as an example, saying that within a couple of weeks, advertisers started targeting users through the phone number.

Let’s say that a Facebook user name Jessica shares her contact list with Facebook. In her contact list, she has her friend, Rachel’s cell phone number and another phone number that was previously unassociated with her. Now Facebook has both of Rachel’s number and advertisers can start to target her. However, Rachel can’t access her “shadow contact information” because that would violate Jessica’s privacy, nor can she even see it, delete it or stop the advertisers from using it.

Hill says that Facebook has not been forthcoming about this at all because she asked them last year about the “shadow contact information” and they denied any involvement. This was likely to be around the time there was some loud chatter about people speculating that Facebook was listening in on their conversations as the advertisement started to reflect conversations.

If that wasn’t bad enough, The Daily Beast reported that, once again, Facebook was hacked and keys to 50 million accounts were stolen. If you had to re-log in to access Facebook today, that’s because the company reset everyone’s password when they realized what had happened.

This is pretty bad, as those keys are what allows users to stay logged in across multiple devices. Hackers had access to everything and Facebook apologized and stated they’re working on it but users didn’t need to change their passwords.

They’re right; users don’t need to change their passwords if they just delete Facebook.