The company says an issue in which personal user data became available to third parties was an “error.”
Twitter apologized in a statement published on its website on Tuesday for an “error” in which users’ phone numbers and emails were shared with advertisers who use the data for targeting marketing campaigns.
“We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication), this data may have inadvertently been used for advertising purposes, specifically in our and Partner Audiences advertising system,” the company stated.
According to the report, an advertiser could match the phone number with a store in which the user shopped recently and advertise to that user directly on Twitter.
“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes,” Twitter said in its statement. “This was an error and we apologize.”
The company says it fixed the error on 17 September, but did not disclose when the error first appeared or how many users have been affected.
This is not the first time in which social media giants have committed errors of a similar nature. In March, Facebook admitted to doing the exact same thing: “inadvertently” correlating phone numbers shared for security purposes with targeted advertising. According to a Northeastern University study conducted last year, users who provided phone numbers for security purposes began receiving targeted ads within the span of a few weeks.
So-called two-factor identification uses a user’s mobile account as an additional level of security, requiring the user to enter a code from SMS in addition to (or sometimes instead of) a regular username and password. This is widely considered to be an effective measure against the theft of credentials.