When an advertiser uploaded its marketing list, some users were matched based on their security email or phone number.

Twitter Inc has said email addresses and phone numbers uploaded by users to meet its security requirements may have been “inadvertently” used for advertising purposes.

“We recently discovered that when you provided an email address or phone number for safety or security purposes [for example, two-factor authentication] this data may have inadvertently been used for advertising purposes,” Twitter said in a statement on Tuesday.

When an advertiser uploaded its marketing list, some users were being matched to those lists based on their security email or phone number.

190929065716435

“This was an error and we apologise,” the company said, adding that it “cannot say with certainty how many people were impacted”.

The micro-blogging site said the issue was rectified as of September 17.

Social media companies, including Twitter and Facebook, have faced heat from users and regulators globally on how their platforms handle user data.

Twitter said when advertisers uploaded their marketing lists, it may have matched people on the platform to their list based on the email or phone number provided by account holders.

The company said the information was not shared with third parties but was made available internally to allow users to receive targeted advertising.

191003030830346

The San Francisco-based company insisted that no data was shared externally and that as of September 17 the issue had been resolved.

“We are very sorry this happened and are taking steps to make sure we don’t make a mistake like this again,” Twitter said.

Twitter made a similar public apology in July, admitting that it may have shared data from its mobile app users, including country codes and ads engagement, with advertising partners “even if you didn’t give us permission to do so”.