At this point, it's painfully unsurprising to hear new examples of tech companies misusing customer data. But a particularly shameful version of the story has become increasingly common: services pulling phone numbers and other data used for two-factor authentication into their marketing databases. On Tuesday, Twitter became the latest tech giant to join those ranks.
The company said in a statement that it accidentally ingested phone numbers and email addresses collected for security measures like two-factor into two of its advertising systems, called Tailored Audiences and Partner Audiences. The company didn't give the information directly to marketers, but used it to help them target ads to Twitter users. Twitter stopped the data bleed on September 17, three weeks before coming forward about it. It's not clear for how long the improper sharing had taken place prior, and Twitter says it doesn't know how many users were affected.
"When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize," the company wrote in its statement. "We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again."
A Twitter spokesperson told WIRED that the company doesn't have further comment on what internal issue caused the mix-up. In September 2018, Facebook admitted that it, too, had used phone numbers customers had shared to set up two-factor auth ..
Support the originator by clicking the read the rest link below.
