Twitter admitted having “inadvertently” used phone numbers and email addresses, collected for security purposes, for advertising.
Twitter apologized to have used phone numbers and email addresses, privided by the users for security purposes, for advertising. According to the social media company, data used for account authentication were also matched with advertisers’ database to improve the efficiency of ads.
“We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system.” reads a post published by Twitter.
At the time of writing it is unclear the number of impacted Twitter users.
The company attempted to downplay the severity of the privacy incident highlighting that none of the user data was shared with partners outside the company.
The Twitter Tailored Audiences product allows advertisers to target ads to customers based on the advertiser’s own marketing lists that includes info such as email addresses or phone numbers. Partner Audiences allows advertisers to use the same Tailored Audiences features to target ads to audiences provided by third-party partners.
Twitter admitted that when an advertiser uploaded their marketing list, its staff may have matched the information included in these lists with data provided by its users to protect their accounts.
The root cause of the problem was addressed in September 17, 2019.
“We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware. No personal data was ever shared externally with our partners or any other third parties.” added Twitter.
“We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again,”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.