Twitter has acknowledged that user phone numbers and email addresses gathered for security purposes, as part of its two-factor authentication policy, may have been used to sell ads. It calls the move an accident.
The revelation is being widely criticized for its obvious breach of user privacy, particularly since it occurred via a scenario that was meant to bolster user security, not violate it.
In a post on its Help Center website, Twitter said that the company “recently discovered” that when users provided an email address or phone number for “safety or security purposes,” its Tailored Audiences and Partner Audiences advertising system may have “inadvertently” used the information for targeted advertising. “We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware,” the company said. “No personal data was ever shared externally with our partners or any other third parties.”