Skip to main content

Twitter Used Contact Info Provided for Two-Factor Authentication for Targeted Ads

(Image credit: Shutterstock)

Facebook isn't the only social media company that's misused account information. Twitter said yesterday that it "recently found that some email addresses and phone numbers provided for account security may have been used unintentionally for advertising purposes." But don't worry--it's all better now!

It might be hard to believe, but people often share information with social media companies that they want to keep private. The most common example is contact information (phone numbers and email addresses) used for two-factor authentication features meant to make accounts more secure. But it seems that companies simply can't manage to actually use the information the way it was intended, as Twitter just demonstrated.

Twitter said in a support article that it didn't share this information with its partners or "any other third parties." Instead, the company claimed it mistakenly used ostensibly private data to assist with its ad system, specifically its Tailored Audiences and Partnered Audiences tools. 

"Tailored Audiences is a version of an industry-standard product that allows advertisers to target ads to customers based on the advertiser's own marketing lists (e.g., email addresses or phone numbers they have compiled). Partner Audiences allows advertisers to use the same Tailored Audiences features to target ads to audiences provided by third-party partners. When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize," Twitter said.

Twitter added that starting September 17, it started addressing the issue that caused this and is "no longer using phone numbers or email addresses collected for safety or security purposes for advertising."

Facebook similarly misused phone numbers provided specifically to enable two-factor authentication. Researchers said in September 2018 that those  phone numbers were used to inform targeted advertisements, even though Facebook claimed they wouldn't be, and then it was revealed in March that Facebook users could look people up by phone numbers that were supposed to be private.

At this point it's clear that, whether it's because of greed or incompetence, social media companies simply can't be trusted with information they promise to keep private. Twitter (or otherwise) being "very sorry" doesn't change that.