Twitter announced that the phone numbers and email addresses of some users provided for two-factor authentication (2FA) protection had been used for targeted advertising purposes-though the company said it was ‘unintentional’.
“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize,” Twitter said in a blog post.
Since Twitter requires users to provide a valid phone number to enable 2nd-factor protection, even when they don’t want to rely on phone SMSes for receiving 2FA code and opt for security keys or authenticator apps instead, users had no option to prevent themselves from this error.
However, Twitter assured that no personal data was ever shared externally with its advertising partners or any other third-parties that used the Tailored Audiences feature.
“We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware,” Twitter wrote.
“As of September 17, we have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising.”