INSUBCONTINENT EXCLUSIVE:
Twitter has said it used phone numbers and email addresses, provided by users to set up two-factor authentication on their accounts, to
serve targeted ads.
In a disclosure Tuesday, the social media giant said it did not know how many users were impacted.
The issue stemmed
from the company tailored audiences program, which allows companies to target advertisements against their own marketing lists, such as
phone numbers and email addresses
But Twitter found that when advertisers uploaded their marketing lists, it matched Twitter users to the phone numbers and email addresses
users submitted to set up two-factor authentication on their account.
The issue was addressed as ofSeptember 17, the disclosure
said.
Two-factor authentication is an important security feature that makes it far more difficult for hackers to break into user accounts
Although some use their phone number as a way to receive two-factor codes, it a method that has long been vulnerable to interception and SIM
Users should instead switch to Twitter authenticator-based two-factor.
Twitter finds itself in the same boat as Facebook, which last year
was caught using users& phone numbers and email addresses, which they gave Facebook for securing their accounts, for targeted advertising
The Federal Trade Commission fined the social networking giant $5 billion earlier this year and was prohibited from using the phone numbers
it obtained for setting up two-factor for advertising.
For its part, Twitter said its ad targeting was &an error& and apologized.
It the
latest in a number of security lapses at Twitter in the past year
Last year, the company admitted to storing passwords in plaintext, disclosed a phone number leak bug despite knowing about it for two years,
and confirmed a location data leak in May.
In August, Twitter chief executive Jack Dorsey had his own account hacked.
A hacker has
compromised Jack Dorsey Twitter account
