Twitter said phone numbers provided for security used for ads
Microblogging giant Twitter has disclosed a major security lapse, a bug that used phone numbers and email addresses provided by users for targeted advertising - without permission. The information was provided for the purpose of account security, but the flaw, which now appears to have been fixed, employed it for serving ads. Here's all you need to know about it.
Two-factor numbers used for targeting ads
Just like Facebook, Twitter also requires users to provide their phone numbers and emails to set up two-factor authentication, the feature that authenticates a log-in attempt by sending a unique code to the account holder's number. The method makes it difficult for hackers to break into accounts but in this case, Twitter says, the numbers/emails given for 2FA were used for delivering personalized ads.
How exactly the phone numbers were used?
While detailing bug in a blog post, Twitter claimed that the issue stemmed from its tailored audiences program allowing advertisers to serve ads using their own marketing lists containing numbers and emails of people. However, as the program progressed, the company noticed that when advertisers uploaded their list, the users were matched with numbers and emails they had uploaded for two-factor authentication.
No clarity on how many users have been impacted
Twitter has stated that the bug occurred 'unintentionally' and was fixed on September 17. The company also apologized for the issue, clarifying that no personal information from the users' account was shared with the third-party advertising partners. It also gave reassurances to prevent such an issue from occurring again, but it still remains unclear how many people have been impacted by this error.
Twitter has been involved in security lapses lately
It should be noted that this isn't the first time that these tech giants have shown apathy towards our data. Facebook has been embroiled in major security issues, but Twitter has also had some problems. In 2018, the company had admitted to storing passwords of 330 million users in plain text and leaking phone numbers. It had even compromised the location data in May.
