Email address and phone numbers provided to enable for two factor authentication of Twitter users’ accounts were used to target advertisements, the company revealed this week.
Twitter said it wasn’t aware of how many people were impacted by the mistake and no personal data was ever shared externally with its partners or any other third parties.
In a blog post, Twitter said security data may have inadvertently been used for advertising purposes, specifically in its Tailored Audiences and Partner Audiences advertising system.
Tailored audiences is Twitter’s product which allows advertisers to target ads to customers based on the advertiser’s own marketing lists (eg the email addresses or phone numbers they have compiled).
While Partner Audiences allows advertisers to use the same Tailored Audiences features to target ads to audiences provided by third-party partners.
“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologise,” the social media company said.
The company said it fixed the problem and is no longer using phone numbers or email addresses collected for safety or security purposes for advertising.
Earlier this year Twitter apologised for collecting location data of some of its users and passing it on to one of its partners to target advertising without explicit permission.