Twitter is supposed to use phone numbers only for two-factor authentication, but they seem to have been unintentionally used for more than that. Yesterday, Twitter announced that it “unintentionally” used phone numbers and email addresses gathered for account safety and security (including two-factor authentication) for advertising purposes.
No personal data was shared with the company’s third-party partners, and the “issue that allowed this to occur” has been addressed, according to Twitter.
What went unnoticed in Twitter’s own backyard is that advertisers on the platform can customize promos based on uploaded marketing lists, and Twitter may have matched people on those lists using phone numbers and email addresses that were supposed to be off-limits. “This was an error,” Twitter said.
“We cannot say with certainty how many people were impacted by this,” Twitter said in a blog post disclosing the security mishap. “We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again.”
The social media site said that, as of September 17th, phone numbers and email addresses are collected only for security purposes.
Over the past year, Facebook has drawn heavy criticism over its privacy malpractices. In July, the Federal Trade Commission (FTC) fined the social media giant $5 billion for breaking the law when it engaged in a practice similar to Twitter’s, along with a litany of other instances where it mishandled user data.
However, Twitter has also been entangled in its own controversies over how it handles the privacy of its users. Phone numbers provided to Twitter for the purpose of two-factor authentication were recently exposed as a hacking vulnerability as well.
Back in May 2018, the platform advised all 330 million of its users to change their passwords after a bug was discovered that exposed them in plain text, although Twitter said at the time that no information had been breached or misused.
And just last month, Twitter CEO Jack Dorsey’s account was compromised when a hacker or hackers were able to tweet racial slurs from his account by convincing the company’s systems that they had his phone and were texting the tweets to his account. There has been a long list of Twitter platform issues, and yesterday’s was actually the seventh such issue in the span of a year, as ZDNet reports.
This isn’t likely to go over well with critics, whether or not the social media platform intended to use phone numbers, considering Facebook caught flak just over a year earlier for using phone numbers for ad targeting. As then, the effect is the same: sensitive account details were used for ad targeting without users’ knowledge or permission. Regulators may therefore be concerned enough to take a look, especially since they just finished hitting Facebook with fines for its own less-than-careful approach to user data.