Twitter had admitted about a new security blunder in which the phone numbers and email addresses of some of its users that has been provided for two-factor authentication (2FA) protection were misused for targeted advertising purposes.
The company published in a blog post that the mistake occured while its ‘Tailored Audiences and Partner Audiences advertising system’ accidentally used the information provided by users for security reasons to run targeted ads based on the advertisers’ own marketing lists.
When an advertiser uploaded their marketing list, Twitter might have matched its users to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. The company admitted that it was an error and apologized for the same.
All the Twitter users are required to provide a valid phone number in order to enable 2nd-factor protection, even if they does not want to depend on phone SMSes for receiving 2FA code and opt for security keys or authenticator apps instead. And so the users cannot prevent themselves from this error.
Twitter assured that the personal data of the users were never shared externally with its advertising partners or any other third-parties that used the Tailored Audiences feature.
The company stated that they does not know how many users were affected by this error.
They have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising.