Twitter today revealed that it was “unintentionally” using phone numbers and email addresses provided for account security for advertising purposes. The problem stemmed from the Tailored Audiences advertising program, Twitter said in a statement posted to its website.
Ecobee HomeKit Thermostat
Tailored Audiences is advertising platform that allows advertisers to target customers based on their own marketing lists, including things like email addresses and phone numbers. Advertisers can upload their marketing lists and have the information matched to Twitter accounts.
In this situation, Twitter was matching phone numbers and emails provided by users for security purposes to these lists:
When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize.
Twitter adds that it can’t say “with certainty” how many people were impacted by this problem. It also notes that “no personal data was ever shared externally with our partners or any other third parties.”
The problem was resolved as of September 17, Twitter says:
We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware. As of September 17, we have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising.
If this situation sounds familiar, it’s because, well, it should. Facebook admitted last year that it was using two-factor authentication phone numbers for ad targeting. This ultimately ended up being part of the massive fine the FTC handed down to Facebook.
As TechCrunch points out, this does not mean you should run and disable two-factor authentication on your Twitter account. Instead, you should use this as an opportunity to switch to Twitter’s app-based two-factor.