Twitter just admitted it “inadvertently” used the email addresses and phone numbers of select users to serve them targeted ads.
The email addresses and phone numbers in question were supposed to help protect users’ accounts using two-factor authentication and other security measures.
But the sensitive information was mistakenly fed into Twitter Tailored Audiences and Partner Audiences ad systems.
Tailored Audiences lets marketers target ads to customers based on their own marketing lists, including email addresses and phone numbers.
With Partner Audiences, marketers can use Tailored Audiences features to target ads to audiences provided by third-party partners.
“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes,” the company said in a statement released on Tuesday. “This was an error, and we apologize.”
As of Tuesday, Twitter could not say with certainty how many users were affected by the mistake -- yet it was confident in saying no personal user data was shared externally with its partners, or any other third parties.
Twitter also said that, as of Sept. 17, it had addressed the problem. It is no longer using phone numbers or email addresses collected for safety or security purposes for serving ads.
Twitter has experienced its fair share of security blunders, but not to Facebook's degree. In January, for example, Twitter was forced to alert Android users that their private tweets might have been exposed.
Those Android users might have been affected if they had protected tweets turned on in their settings -- and made certain changes to their settings, such as changing the email address associated with their account since late 2014, Twitter said at the time.Late last year, Twitter disclosed that a bug had potentially exposed the country code of users’ personal phone numbers, as well as whether their accounts had been locked by the social giant.