Twitter has admitted that it has been using phone numbers and email addresses that its users have provided to enable two-factor security for advertising purposes.

In a statement, Twitter revealed that this was “inadvertently” done by its Tailored Audiences advertising program.

“We recently discovered that when you provided an email address or phone number for safety or security purposes,” the statement explains, “this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system.”

The Tailored Audiences system is used by advertisers to target adverts to potential customers based on lists that the advertisers have created (phone numbers and email addresses, usually).

Meanwhile, Partner Audiences provides those same features to advertisers, but the lists are created by third parties. According to Twitter, “When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes.”

Big error

This is, of course, a big breach of trust – and security – on Twitter’s part. People have added secondary email addresses and their phone numbers to help secure their accounts. So, for example, if you log in to your Twitter account on a new PC, Twitter will send an email or text to your secondary email or phone number to confirm its you.

In no way are these additional email and phone numbers supposed to be passed on to other companies to be used for advertising or other purposes.

Twitter claims it doesn’t know how many people were impacted by this, but it promises that no personal data was shared externally with partners or third parties.

It also claims that the issue has been fixed as of September 17, but it's only now made the issue public.

Twitter repeatedly apologizes for this transgression in its statement, but it’s bound to impact trust between its users and the social media platform. However, despite this breach of trust, we still recommend leaving two-factor authentication turned on for the additional security it provides.

Hopefully, Twitter has learned from this mistake and will not allow it to happen again.

Not convinced? Here’s how to delete Twitter for good

Via TechCrunch