Twitter used 2FA users’ data to display targeted ads
Twitter representatives admitted that the company inadvertently used data provided for security purposes, such as email addresses and phone numbers supplied for two-factor authentication (2FA), to display targeted ads.
When companies and users promote their ads on Twitter, they can filter the advertising audience by a number of criteria. By mistake, users' phone numbers and email addresses were available through the company's internal advertising systems, Tailored Audiences and Partner Audiences.
“We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system,” Twitter representatives said.
Tailored Audiences is a version of an industry-standard product that allows advertisers to target ads based on their own marketing lists (such as email addresses or phone numbers that they have compiled). Partner Audiences allows advertisers to use the same Tailored Audiences features to target ads.
When an advertiser uploaded a marketing list, Twitter matched it against the email addresses or phone numbers that account owners had provided for security purposes.
It is reported that the problem was fixed as early as September 17, and the company states that no other user data has been transferred to the company’s partners and other third parties. The exact number of users affected by this error is unknown to company representatives.
“We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware. No personal data was ever shared externally with our partners or any other third parties. We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again,” Twitter said.
Ironically, Twitter’s use of mobile phone numbers for account authentication came under fire when its own CEO Jack Dorsey was allegedly the victim of a SIM swapping attack that led to his own Twitter account being abused. There are better forms of authentication than emails and phone numbers, and this will be another prompt for users to shift in that direction.