image
Twitter has acknowledged that user phone numbers and email addresses gathered for security purposes, as part of its two-factor authentication policy, may have been used to sell ads. It calls the move an accident. The revelation is being widely criticized for its obvious breach of user privacy, particularly since it occurred via a scenario that was meant to bolster user security, not violate it. In a post on its Help Center website, Twitter said that the company “recently discovered” that when users provided an email address or phone number for “safety or security purposes,” its Tailored Audiences and Partner Audiences advertising system may have “inadvertently” used the information for targeted advertising. “We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware,” the company said. “No personal data was ever shared externally with our partners or any other third parties.” Tailored Audiences allows advertisers to target ads to customers based on the advertiser’s own marketing lists—which include email addresses or phone numbers. Partner Audiences allows advertisers to use the same Tailored Audiences features to target ads to audiences provided by third-party partners. What happened in the breach is that Twitter matched its users to advertisers’ marketing lists based on the email or phone number the Twitter account holder provided during two-factor authentication, the company said. Twitter did…

Source