Twitter used private user phone numbers to target ads


Twitter announced in a recent blog post that the email addresses and phone numbers that users provided for two-factor authentication might have “[i]nadvertently been used for advertising purposes.”

Specifically, the platform’s Tailored Audiences and Partner Audiences advertising systems used the data. Twitter further stated, “We cannot say with certainty how many people were impacted by this.”

A Transparent Apology

The popular social media forum reported its security misstep “[t]o be transparent” and to “[m]ake everyone aware.”

Manage your supply chain from home with Sourcengine

Tailored Audiences allows advertisers to target ads to customers based on marketing lists that they generate using private databases of email addresses and phone numbers. Partner Audiences provides very similar features, but third-party partners populate the service with customer lists.

Twitter admitted that the error occurred after an advertiser uploaded its marketing list. The firm explained that it might have used account holders’ email addresses and phone numbers that were provided for “safety and security purposes” to match users to the advertising list.

Fortunately, Twitter stressed that it did not share any personal user data with its external partners or other third parties.

Furthermore, the company notes that it has addressed the issue at the root of the problem. As of September 17, Twitter claims that it is no longer using two-factor authentication data for advertising purposes.

The platform apologized for its actions saying, “We’ve very sorry this happened and are taking steps to make sure we don’t make a mistake like this again.”

Previous Twitter Problems

This recent data leak follows Twitter’s disclosure last year that a “bug” exposed the passwords of 330 million users in plain text. After investigating the issue, the company didn’t find any evidence of a breach or misuse of the unveiled passwords.

In addition to data and security problems, Twitter has suffered criticism for allowing an extensive amount of cyberbullying to occur on its platform. Other social sites, like Instagram, have taken measures to combat online bullying. By comparison, Twitter’s forum is largely unregulated.

People expressed confusion about Twitter’s purpose for a long time. The firm’s CMO, Leslie Berland, finally summed up the reason that the platform exists in a speech at CES 2017. “Twitter shows me what’s happening in the world.”

She continued, “Twitter shows me what’s up. Twitter keeps me on the pulse. Twitter keeps me informed. This is why people love Twitter.”

Most users will probably agree that staying “on the pulse” is great. However, seeing “what’s up” should not come with the cost of a personal data breach.

Not Just a Twitter Problem

Unfortunately, in today’s technological age, hackers and cybercriminals regularly access unsuspecting people’s online data. Malicious operators have even seized information from multiple city government systems.

Last month, a massive Facebook data leak exposed 419 million user phone numbers. In July, Capital One suffered a data breach that impacted 100 million customers.

Thankfully, Twitter is confident that its recent mistake won’t impact users. However, the site does encourage anyone who has questions about their account to contact the company’s Office of Data Protection via an online form.