Twitter ‘inadvertently’ sold user data to advertisers

A flaw in the system meant email addresses and phone numbers provided for 2FA were used for targeted ads

Twitter logo on mobile phone

Personal information supplied to Twitter may have been used for the company's targeted advertising business against user consent.

Businesses advertising with the social media engine will have gained access to the email addresses and phone numbers of users who provided Twitter with this information for security purposes, like two-factor authentication (2FA).

This means users will have been subject to targeted advertising using the information they provided without consent for it to be used for this purpose.

"We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware," the company said. "No personal data was ever shared externally with our partners or any other third parties.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"As of September 17, we have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising."

The 'Tailored Audiences' service is Twitter's version of a common advertising product that lets advertisers target ads to customers based on their own marketing lists. The Partner Audiences service, meanwhile, lets advertisers use the Tailored Audiences list to target ads to users that are provided by third-parties.

Twitter has confirmed that when advertisers uploaded their own marketing lists, the platform may have matched people on Twitter to these third-party lists based on email addresses or phone numbers provided for 2FA purposes.

The incident is the latest in a string of issues with Twitter's platform and leakage of personal data for purposes against users' consent.

In August this year, for example, Twitter said it found an issue with its privacy settings that may have inadvertently led to user data being shared with third-parties. Users who clicked or viewed an ad on the app may have shared data with its third-party partners even if they didn't consent to the transaction.

In May 2018, meanwhile, users were warned that a flaw in its systems meant staff at the social media platform may have been able to view passwords in plaintext form.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020
Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020