Twitter users’ 2FA info found its way to advertisers

Twitter this week disclosed that it gave advertisers access to email addresses and phone numbers that users had supplied to the social media messaging platform, originally for two-factor authentication purposes. The company is asserting that this practice was inadvertent.

In an online post, Twitter acknowledged that data intended for "safety or security purposes" went to participants in its Tailored Audiences and Partner Audiences advertising systems. The former allows advertisers to target their messaging to customers using their compiled marketing lists, while the latter enables them to develop targeted advertisements for audiences provided by third-party partners.

"When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize," Twitter states in its post.

Twitter says it does not how many people were impacted by the unauthorized sharing of contact data. "No personal data was ever shared externally with our partners or any other third parties," the company disclosure states, adding that, as of Sept. 17, it has discontinued the practice, after addressing "the issue that allowed this to occur."