Twitter has confirmed that it had been using phone numbers and email addresses provided by users for advertising purposes.
Despite the phone numbers and email addresses being solely used for two-factor authentication, Twitter has admitted that the data was “inadvertently” used in the Tailored Audiences and Partner Audiences advertising system.
The Tailored Audiences systems allows advertisers to target ads to customers based on their own marketing lists, whilst Partner Audiences enables advertisers to utilise the Tailored Audiences features to targets ads to audiences that are provided by third-party partners.
As a result of this, in a statement, Twitter explained that it may have matched people on Twitter to an advertiser’s marketing list “based on the email or phone number the Twitter account holder provided for safety and security purposes.”
Twitter cannot confirm how many people were impacted, however in an effort to be transparent, Twitter released the statement to ensure everyone is aware.
It should be stressed that no personal data was shared externally with Twitter’s partners or third parties.
From September 17, Twitter has stopped using phone numbers or email addresses collected for security purposes, for advertising.
“We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again.”
This security lapse has been one of many in recent years. Only last month, Twitter disabled its tweet via SMS feature, after the account of Twitter CEO Jack Dorsey had been compromised.
Furthermore, users were advised to change their passwords last year after Twitter discovered that a bug had exposed user passwords in plain text.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/