Twitter Was Using Your Email and Phone to Serve Up Targeted Ads

Required security information on the social media platform was accessed by marketers

Twitter / Unsplash

Two-factor authentication is an annoying but more secure process for logging in to a site. Besides typing in a password, it requires a second security clearance, like a fingerprint or (more commonly) an email or text with an additional one-time password or code.

But for that specific but common example to work, you’re trusting a company with your email address and phone number. And Twitter, once again, just broke your trust.

“We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes,” notes Twitter in a recent blog post.

Those ads were for Tailored and Partnered Audiences, which allows advertisers to target ads to customers based on an advertiser’s own marketing lists or third-party partners. Twitter “may” have matched people on Twitter to these lists based on email or phone numbers users voluntarily provided to Twitter for security reasons.

As Hacker News points out, this follows recent admissions from the social media company that it’s exposed private tweetsplaintext passwords and personal information. It also points out that users have no option to prevent themselves from this company error, based on Twitter’s security requirements.

Twitter says no personal data was shared externally and that phone and emails used for security will no longer be used for advertising. However, the company “cannot say with certainty how many people were impacted by this.”

If this all sounds maddening and familiar, it’s because Facebook was doing the exact same thing for years, although they were recently ordered to stop (amazing what a $5 billion fine will do).

The InsideHook Newsletter.

News, advice and insights for the most interesting person in the room.