In yet another privacy scam, Twitter has apologized for “unintentionally” using phone numbers and email addresses of users to enable targeted advertising.
The personal information such as contact details provided by users for account security was used by marketers belonging to a third-party in order to reach out to specific Twitter users against the users’ wish to use information in such a way.
With regards to the situation Twitter said it “cannot say with certainty how many people were impacted.”
Furthermore, reports suggest the company is not contacting users to notify them directly about the breach. In addition, the firm is not disclosing the exact date when the issue was discovered, however says the problem occurred about 21 days ago, “as of September 17”.
According to Europe’s General Data Protection Regulation (GDPR), users essentially need to be informed if their data is used for a purpose other than what it is intended for. Twitter however would not inform if it had notified the Irish Data Protection Commissioner apart from communicating with regulators “where appropriate”.
Twitter has its European headquarters in Dublin and has about 139 million users on daily basis with adverts.
The company offers a platform for advertisers, which allows them to match their own database of customer email addresses, collected independently from Twitter, corresponding with users on Twitter with the same email address.
This practice makes targeted advertising across social networks successful in order to reach users familiar with the brand and the product.
Referring to a report submitted by Twitter, it said the email matching was used for referencing addresses submitted by users in order to guarantee advanced account security by adding a two-factor authentication.
This assured a second-level of security which involved getting a text message with a log-in code. Such a practice in return also prevented malicious actors to use a person’s credentials.
“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes,” explained Twitter.
“This was an error and we apologise.”