Twitter Inc. said it was sorry Tuesday after admitting that it used people's phone numbers and email addresses for advertising purposes even though that information should have only been used for two-factor identification.
Tailored Audiences and Partner Audiences are Twitter's advertising systems, which allow business to match their marketing lists with specific user accounts using the provided email addresses and phone numbers.
Twitter said it accidentally matched some of these customer lists with similar information that users shared with the company for security reasons, such as two-factor account authentication. "This was an error and we apologize", said Twitter.
Twitter assures users that no "personal" information was shared, though we're not sure what Twitter would consider "personal information" if your phone number and email address do not meet the bar.More news: Spotify Now Works with Siri in iOS 13
More news: Typhoon Hagibis Threatens To Disrupt Ireland Vs Samoa World Cup Game
More news: Miley Cyrus Celebrates 'Bangerz' Anniversary With A Sexy, Rebellious Instagram Post
Twitter now joins Facebook, which was caught doing the exact same thing previous year by a group of academics from Northeastern University and Princeton University. The company added that as of September 17 the issue was fixed. It didn't say how many users may have seen ads because of this activity. It's also "taking steps" to ensure this doesn't happen again. The resulting settlement requires the company to maintain a comprehensive data security policy and refrain from misrepresenting the way it handles and protects users' data, violations of which could carry fines.
Meanwhile, Partner Audiences provides those same features to advertisers, but the lists are created by third parties.
Twitter has revealed a number of additional data-security incidents this year. With 2FA, hackers can't take over an account unless they have access to the user's phone number, raising the difficulty level for attackers.