A security blunder by Twitter exposed phone numbers and email addresses of its users who opted for two-factor authentication (2FA) protection. The social networking company stated that user contacts had been used for targeted advertising purposes.
In an official statement, Twitter stated that an error in its ‘Tailored Audiences and Partner Audiences advertising system’ unintentionally used the information, provided by users, to run targeted ads.
“We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system,” Twitter said in a statement.
Tailored Audiences system allows advertisers to target ads to customers based on the advertiser’s marketing lists. Twitter stated its unclear how many users were impacted by this error. However, the company assured its users that no personal data was ever shared externally with its advertising partners.
“We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again. If you have any questions, you may contact Twitter’s Office of Data Protection through this form,” Twitter added.
Previously, the microblogging giant similarly apologized to its users after it discovered and fixed a security bug that could have exposed users’ phone country codes and locked account details.
Twitter stated they noticed unusual activity in its Application Programming Interface (API) and observed a large amount of traffic coming from IP addresses located in China and Saudi Arabia. Twitter stated the bug was fixed on November 16, 2018, and informed the users that may have been affected due to the security bug. Twitter said the IP addresses might have been linked to state-sponsored actors, and the company is investigating the same to find the origins.