Twitter has disclosed that they “unintentionally” used email addresses and phone numbers that users provide for security purposes, such as two-factor authentication, for ad targeting. The company says that no personal data was shared with advertisers but also mentions that they’re uncertain about the number of people who were impacted by this error.
This issue was specific to Twitter’s ‘tailored audiences’ and ‘partner audiences’ features for advertisers. Tailored audiences advertising lets the advertiser target customers from their own mailing list, which includes email addresses and phone numbers. Partner audiences advertising lets advertisers use the mailing list of tailored audiences partners to target users for their ads.
Twitter matched people on the platform to the marketing lists uploaded by advertisers using tailored audiences based on their email addresses and phone numbers — which again were provided to Twitter for securing the account.
“This was an error, and we apologize. We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware. No personal data was ever shared externally with our partners or any other third parties,” the company announced.
Twitter says that the issue was resolved on September 17, and phone numbers or email addresses of users aren’t being used for advertising.
If you’ve any further questions regarding how the data might have been used and what kind of impact, if any, would this “unintentional” error have on the end users, you can use Twitter’s data protection inquiry form.