Twitter has revealed that some user data might have been used for advertising purposes.
“We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system,” the company wrote in a blog post. “Tailored Audiences is a version of an industry-standard product that allows advertisers to target ads to customers based on the advertiser’s own marketing lists (e.g., email addresses or phone numbers they have compiled). Partner Audiences allows advertisers to use the same Tailored Audiences features to target ads to audiences provided by third-party partners. When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes.”
The issue was fixed as of Sept. 17. However, the company could not tell how many users might have been impacted by the mistake, but assured that no personal data was ever shared externally with partners or any other third parties.
Just last month Twitter admitted to ad-targeting data breaches in regard to user permissions, saying it found bugs that may have shared user information with advertisers even when users asked it not to do so.
“If you clicked or viewed an advertisement for a mobile application and subsequently interacted with the mobile application since May 2018, we may have shared certain data (e.g., country code, if you engaged with the ad and when, information about the ad, etc.) with trusted measurement and advertising partners, even if you didn’t give us permission to do so,” the company said in a post at the time.
The issues were fixed on Aug. 5, although Twitter didn’t say when it realized the breaches were happening.