Twitter Utilized User 2FA Phone Numbers For Ad Targeting
Twitter isn’t having a good year. Over the past twelve months, the company has fessed up to half a dozen bugs and blunders that have left the company with egg on their faces and have earned the ire of their burgeoning user base.
In late 2018, the company disclosed a bug that shared a variety of private user data with third party app developers.
Then in January 2019, the company disclosed the existence of a bug that had been sharing a small percentage of private tweets going back more than five years.
Then in May 2019, the company disclosed a new bug that shared the location data of an unknown number of iOS users with “a trusted partner.”
On top of that, the month of August 2019 saw the company fess up to two separate issues. One issue involved sharing user data with advertising partners without their users’ express consent. The other was where advertisers made inferences about a user’s device in order to custom-tailor advertising. That, again, was without the express consent of the users.
Which brings us to this most recent blunder. According to a spokesperson for Twitter, the company used phone numbers provided by its user base for two-factor authentication, along with email addresses, to display targeted ads. This is the exact behavior that Facebook recently got raked over the coals for.
It gets worse though, because the company apparently has no data, and no way to tell exactly how many of its users saw their information exposed and misused in this manner.
The company issued a formal statement, apologized for the error, and said that the issue had been fixed as of September 17th. That’s small consolation to their users, for whom this kind of thing is fast becoming the norm. It’s enough to make some people rethink using the platform altogether, and rightly so.