Twitter this week said it recently realized that some e-mail addresses and phone numbers submitted for account security purposes (two-factor authentication, for example) may have actually been used for targeted advertising purposes.
We recently found that some email addresses and phone numbers provided for account security may have been used unintentionally for advertising purposes. This is no longer happening and we wanted to give you more clarity around the situation: https://t.co/bBLQHwDHeQ
— Support (@Support) October 8, 2019
Twitter said that when an advertiser uploaded their marketing list, they “may have” cross-referenced e-mail addresses and phone numbers in their database (those provided for security purposes) with advertisers’ marketing lists. If a match is made, that’s a strong indicator that you are more likely to engage with an advertiser’s marketing messages. Thus, that advertiser goes out of its way to make sure you get its messages.
The concern here is two-fold. First, those e-mail addresses and phone numbers weren’t provided for advertising use but rather, security. Furthermore, and perhaps more worrisome, is the fact that cross-referencing could be used to uncover the identity of Twitter users that wish to remain anonymous.
Twitter said it isn’t sure how many people were impacted by this activity but noted that “no personal data was ever shared externally with our partners or any other third parties.” As of September 17, Twitter put a stop to the practice.