Twitter mistakenly used people’s private information to help third-party advertisers target the right users, the company said in an announcement. The social media firm claims that it stopped this practice, but it makes no mention of what happens now with the data already used.
This blog regularly advises people to use multi-factor authentication and other measures to enhance the security of their online accounts. Losing your Twitter account to someone from the other side of the planet is never fun, but securing your credentials makes your data safe. Or so Twitter led people to believe.
Twitter, like any other social network, makes its money from advertising. Two programs, Tailored Audiences and Partner Audiences, offer third-party companies a way to target people who have already expressed some interest in certain products. It made sense from a business perspective, but what happened next didn’t.
“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize,” Twitter said in the announcement.
Users’ phone numbers and emails, especially the ones provided for security purposes, should remain private. But Twitter used that data to target people with ads, without their consent.
“We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware,” the company added.
To sum up the situation: Twitter says it used phone numbers and email addresses from an unknown number of accounts to help an unknown number of companies target people with ads.
There’s some good news, if we can call it that. As of September 17th, this practice is no longer in use. The company says anything collected for security purposes is no longer used for advertising.
The flip side is that Twitter offered advertising companies really good telemetry, and there may be no turning back from that.
Twitter was in hot water before, when a report revealed that the passwords for all the accounts were logged in plaintext before being hashed, prompting the company to advise everyone to change their credentials immediately.