Twitter disclosed that your email address or phone number may have been shared with advertisers for advertising purposes.
The platform shares this jeopardy is specifically liable for its Tailored Audiences and Partner Audiences advertising system.
Tailored Audiences allows advertisers to target ads based on their own compiled lists of phone numbers or email addresses. Partner Audiences allows advertisers to use the same Tailored Audiences features to target ads to audiences provided by third-party partners.
Reportedly, when an advertiser uploaded their marketing list, the company matched people on Twitter to their list based on the email or phone number, the Twitter account holder provided for safety and security purposes.
The platform claims they are not aware of how many people are impacted by this and “No personal data was ever shared externally with our partners or any other third parties”.
The platform was aware of this at least since September 17. As they state, “As of September 17, we have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising”.
This is not the first time 2FA or two-factor authorization has been used by a platform for targeted advertising. In September 2018, Facebook invaded it’s users’ privacy, by using their phone numbers provided for 2FA for targeted advertising.
And this is not the first time Twitter may have shared data with advertisers either, this is the second data breach within the last three months.
In August 2019, Twitter revealed, if you clicked or viewed an advertisement for a mobile application and interacted with the mobile application since May 2018, they may have shared certain data (e.g., country code, if you engaged with the ad and when, information about the ad, etc) with measurement and advertising partners, even if you didn’t give them permission to do so.
In January 2019, a Britain-based security firm named Insignia Security revealed, a bug that exposed twitter accounts of several celebrities, journalists, etc. still prevailed after Twitter claimed to fix it.
In the same month, it was found that ‘Protect Your Tweets’, an option that made Twitter account private, was disabled if certain account changes were made, exposing user tweets without user permission. The issue existed from November 3, 2014, to January 14, 2019.
Twitter should be answerable for these breaches and exploitation of users’ private information but they and numerous other social media platforms seem to get away with it without any consequential penance, time & again.
If users have any concern with Twitter’s 2FA data breach or have been affected by it, they can express their concern by filling out this form.