Twitter Fesses Up to Utilizing Users 2FA Phone Numbers For Ad Targeting

While Facebook has already enraged users over back-to-back privacy issues, it now seems Twitter will be the next to join the club. Recently, the platform has made an irritating disclosure about one of its blunders. Twitter, as revealed, ‘inadvertently’ exploited users’ 2FA phone numbers for ad targeting purposes.

Twitter Exploits 2FA Phone Numbers For Ad Targeting

Twitter has fessed up to a ‘blunder’ that, in a way, compromised users’ privacy. As disclosed through a recent post, Twitter mistakenly exploited users’ 2FA phone numbers for ad targeting.

They not only misused phone numbers but also exploited the email addresses uploaded by the users for authentication.  As stated by Twitter,

We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes.

Specifically, they used this information for their Tailored Audiences and Partner Audiences advertising system. The system allowed advertisers to target users with ads based on their own marketing lists (Target Audiences).

Due to an ‘error’, Twitter matched the details (contact numbers and email addresses) in these lists with users’ information uploaded for two-factor authentication.

Upon discovering the flaw, Twitter worked out to rectify the glitch by September 17, 2019. They further assured that they didn’t share any other personal information of the users with their partners or third-parties.

However, they haven’t specifically stated further details regarding the incident. For instance, they didn’t mention when the ‘mistake’ occurred and for how long it stayed active. Furthermore, they also didn’t specify the number of users affected by this issue.

We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware.

Twitter Hid More Details Of The Incident

Twitter has now rectified the issue and also apologized to the users.

We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again.

Nonetheless, this pattern of recurrent mistakes and subsequent apologies look similar to the apology-pattern of Facebook. Last year, Facebook also admitted a similar activity for ad targeting, though it wasn’t a glitch.

Furthermore, like Facebook, Twitter also has repeatedly said ‘sorry’ for a number of ‘inadvertent’ things this year.

For instance, in January, they confessed to a bug affecting the Twitter Android app that revealed private tweets. Then, in May, Twitter confessed how a bug in its iOS app shared users’ location data with a ‘trusted partner’. Later, in August, the firm revealed another vulnerability in the ad settings that caused the sharing of users’ data with advertisers without users’ consent.

And now, we hear another ‘sorry’ for another bug breaching users’ privacy. Perhaps, it is high time for Twitter to ensure that such glitches violating users’ security and privacy do not occur in the first place.

Whilst it is impossible for any organization to ensure 100% security, from a users’ perspective, companies should be expected to remain vigilant to swiftly fix such bugs before they impact users. Of course, as we have seen in the case of Facebook, repeated apologies eventually lose their impact and sound something of a norm for a company. Twitter needs to ensure that its users do not get used to such ‘sorry’ things.

Let us know your thoughts in the comments.

Related posts

Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites

Glove Stealer Emerges A New Malware Threat For Browsers