After exposing CEO‘s account, private tweets, passwords, and personal data for hundreds of thousands of users, Twitter admitted a new security problem.
In a blog post, the company announced that the phone numbers and/or email addresses provided by its users for the two-factor authentication protection had been used for targeted advertising.
“We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system,” Twitter announced in a blog post. The officials of the network mentioned that this happened due to an “error” in its “Tailored Audiences and Partner Audiences advertising system”. Thus, the used data provided by its users for security reasons was used to run targeted ads.
Twitter explained that “When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize.”
Users had no chance to avoid this problem, as they are asked for a phone number even if they decide to opt for security keys or authenticator apps. Still, Twitter claims that no personal data was shared externally, but said that it doesn’t know how many users were affected by this error.
“As of September 17, we have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising,” the company said.