Twitter revealed that it ‘inadvertently’ used user emails and phone numbers for targeting ads on its platform.
Twitter admitted on Tuesday (8 October) that it served tailored ads to account holders using phone numbers and email addresses that users provided to set up two-factor authentication on their accounts.
The social media platform operates a “tailored audiences” programme that allows companies to target advertisements displayed on the platform against their own marketing lists, such as phone number and emails they have compiled.
However, Twitter said that an issue arose when advertisers uploaded their marketing lists and this information was “inadvertently” matched with Twitter users using the phone numbers and email addresses that people had submitted for account security purposes.
Twitter said that it “cannot say with certainty” how many people were affected by the data sharing, but maintained that no data was ever shared externally with its partners or any third parties.
“As of September 17, we have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising,” the disclosure continued. Twitter said that the incident was “an error” and apologised.
Facebook similarly confirmed last year that it had used the contact information users provided for two-factor authentication in order to target account holders with ads, and recently was handed down a $5bn fine as punishment for the mishandling of user data. As of yet, it is unclear whether Twitter will face any legal consequences for its disclosure.
Twitter’s list of privacy mishaps has been growing in recent months. Most recently, the company revealed in August that it had shared data, including country codes and other user information, with third parties without consent. Similar to this instance, the company maintained that the issue was a mistake on its part, saying that issues arose when settings “may not have worked as intended”.
Meanwhile, in May 2018, Twitter CTO Parag Agrawal outlined a bug in the company’s system that stored user passwords in plain text in an internal log.