Twitter recycled 2FA phone numbers to tailor ads

Micro-blogging site Twitter said the issue was rectified as of Sept 17 without disclosing how many users were impacted

Twitter: No, really, we're very sorry we sold your security info for a boatload of cash

The issue was rectified by September 17th, according to the firm. The company also reaffirmed that "no personal data was ever shared externally with our partners or any other third parties".

Microblogging platform Twitter has admitted that users data like email addresses and phone numbers that had been provided by them for security purposes may have been "inadvertently" used for advertising purposes. The company said it may have inadvertently matched its users to advertisers' marketing lists using said information. Facebook also admitted previous year about misusing data given by the users for different purposes.

In March, Facebook was highly criticised for using numbers and email addresses submitted for two-factor authentication to target advertising.

The company didn't disclose how many people were affected, and it said it addressed the issue on Sept.17.

However, what Twitter revealed in its statement on Tuesday was that this email matching was referencing addresses that users had submitted exclusively for the goal of enhancing their account security by adding two-factor authentication.

Whether or not Twitter meant to use phone numbers, the effect is the same, it was using sensitive account details for ad targeting without users' knowledge or permission.

Adding to Twitter's potential troubles, the company finalized an agreement with the FTC in 2011 that alleged the company failed to protect users from security threats. Unlike Twitter, however, Facebook did not consider the behaviour to be mistake.

The trouble, however, stems from the fact that advertisers can upload their own contact lists to match their customers with Twitter's users. "That's further compounded by the fact that Twitter is also under order already by the FTC". But after the disclosure of Twitter using data for ads made everyone reconsider the protection of data. People have added secondary email addresses and their phone numbers to help secure their accounts. "Connecting those two is a serious violation of security and privacy and that meant that, once again, the information you provided to protect your account was used to target you with advertisements".

Latest News