Twitter Admits To Using Emails, Phone Numbers, For Advertising

Twitter has admitted that it has unintentionally misused user’s personal data for advertising purposes.

The data it misused are the email addresses and phone numbers that users supply to Twitter for security purposes, namely for two-factor authentication.

This is not the first gaffe made by the microblogging website. Last year in 2018 for example, Twitter urged all users to change their passwords after a “bug” meant that people’s passwords were stored “unmasked in an internal log.”

Advertising use

That was not the first time that Twitter has had issues with passwords. In 2012 it unintentionally reset passwords amid rumours of a massive “hack”.

And then in 2016 it reset the passwords for users after 32 million login details (in plain text) were uploaded to a website, but Twitter denied at the time that it had been hacked.

But now Twitter had admitted to another gaffe with user’s security data, meant to safeguard their accounts.

“We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system,” Twitter admitted in a blog post.

According to Twitter, the Tailored Audiences system is used by advertisers to target adverts to potential customers based on lists that the advertisers have created (typically phone numbers and email addresses).

Meanwhile, Partner Audiences provides those same features to advertisers, but the lists are created by third parties.

“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes,” said Twitter. “This was an error and we apologize.”

Twitter said it had resolved the issue by 17 September, but it could not say “with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware.”

“No personal data was ever shared externally with our partners or any other third parties,” said Twitter.”

“We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again,” it concluded, before inviting concerned users to Twitter’s Office of Data Protection.

Past problems

Twitter has had other security issues before.

Aside from the password reset in 2012, Twitter also mistakenly sent out emails telling users their accounts were at risk in March 2014.

Those emails said their accounts had been compromised and users should change their passwords in order to minimise any potential damage.

Fast forward two years to February 2016, and Twitter was in the spotlight again when it revealed a serious vulnerability with its password recovery system that could have exposed the account details of almost 10,000 active Twitter users.

Twitter admitted that bug could have revealed the account details including email addresses and phone numbers associated with the affected accounts.

And then in June that same year Twitter was forced to lock accounts of users whose passwords were exposed in a database of up to 32 million login details which were uploaded to the web. However it denied the credentials were obtained in an attack on its servers.

Are you a Twitter know-it-all? Take our quiz to find out!

Tom Jowitt @TJowitt

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Recent Posts

Apple Worker Texts Himself Customer’s Intimate Photo

Naked selfie warning, as Californian woman says she will take legal action against former Apple staffer

9 hours ago

Smartphone App Can Quickly Locate Drone Pilots

Smartphone app can “remotely identify airborne drones” as well as pinpointing the location of its pilot

10 hours ago

Google Readies Bank Accounts For US Customers

Search engine giant is planning a banking move, in a development that is sure to trigger regulatory investigations

10 hours ago

Facebook Removes 11.6m Child Abuse Posts

Depressing stats sees social network remove 11.6 million pieces of child abuse content in three month period

11 hours ago

Icahn Takes Stake in HP, Urges Xerox Merger – Report

Activist investor Carl Icahn acquires $1.2 billion stake in HP and reportedly urges merger with Xerox

13 hours ago

Making Sense of Big Data

Data is your business’s most precious commodity. Finding value and actionable insight in Big Data are vital components of all…

13 hours ago