Twitter reveals it used 2FA phone numbers for advertising purposes

Twitter has disclosed that their users’ phone numbers were used for ad targeting.



Last year, social media company Facebook was revealed to have used phone numbers that users provided for security purposes to target advertisements. Twitter has admitted to having done the same thing, although it says this was unintentional.

A Twitter bug allowed 2FA phone numbers to be used for ad targeting

When users provided an email address or phone number for security purposes such as two-factor authentication, the data was used for advertising purposes, more specifically in the Tailored Audiences and Partner Audiences advertising system.

“We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system,” Twitter said.

Tailored Audiences allows advertisers to tailor ads to users based on the advertiser’s own marketing lists, which include compiled email addresses and phone numbers. Partner Audiences allows advertisers to use lists provided by third parties to target users. Twitter has admitted that when advertisers uploaded their marketing lists, it unintentionally matched its users to those lists based on the email addresses and phone numbers that had been provided for security purposes.

“This was an error and we apologize,” the company has said.

The social media giant has not revealed how many people were affected. Twitter also claims to have fixed the issue that allowed this to happen, and as of September 17 phone numbers as well as email addresses collected for security purposes will no longer be used for advertising. The company was also quick to reassure users that no personal data was shared externally with its partners or other third parties.
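The list matching described above can be kept away from security-only contact data by tagging each stored email address or phone number with the purpose it was collected for. The following is an added example, not Twitter's code: the data model, the function names, and the use of SHA-256 hashed advertiser lists are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum

class Purpose(Enum):
    SECURITY = "security"    # e.g. 2FA, account recovery
    MARKETING = "marketing"  # user agreed to ad matching

@dataclass(frozen=True)
class ContactPoint:
    user_id: int
    value: str               # email address or phone number
    purposes: frozenset      # purposes the user supplied it for

def normalize(value: str) -> str:
    """Canonical form: lowercase emails, digits-only phone numbers."""
    value = value.strip().lower()
    return value if "@" in value else "".join(c for c in value if c.isdigit())

def digest(value: str) -> str:
    """SHA-256 of the normalized value (assumed list format)."""
    return hashlib.sha256(normalize(value).encode()).hexdigest()

def match_audience(uploaded_hashes, contacts, purpose_filter=True):
    """Return user ids whose contact points appear in an advertiser's list.

    purpose_filter=False reproduces the error described above: every stored
    contact point is matched, including ones given only for security.
    """
    matched = set()
    for c in contacts:
        if purpose_filter and Purpose.MARKETING not in c.purposes:
            continue  # security-only data never enters ad matching
        if digest(c.value) in uploaded_hashes:
            matched.add(c.user_id)
    return matched

# Constructed sample data (not real accounts or numbers).
CONTACTS = [
    ContactPoint(1, "alice@example.com", frozenset({Purpose.MARKETING})),
    ContactPoint(2, "+1 (555) 010-0199", frozenset({Purpose.SECURITY})),
    ContactPoint(3, "Carol@Example.com",
                 frozenset({Purpose.SECURITY, Purpose.MARKETING})),
]
ADVERTISER_LIST = {digest(v) for v in
                   ("alice@example.com", "15550100199", "carol@example.com")}

if __name__ == "__main__":
    print("no purpose check:", sorted(match_audience(ADVERTISER_LIST, CONTACTS, False)))
    print("purpose enforced:", sorted(match_audience(ADVERTISER_LIST, CONTACTS)))
```

With the purpose check enforced, user 2, whose phone number was supplied only for 2FA, is no longer matched against the uploaded list.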

Instances like this discourage users from enabling 2FA (two-factor authentication), which is an essential feature for keeping accounts safe. If a service provides 2FA, it should always be enabled. However, if there is such an option, using an authentication app is safer than using a phone number. There has recently been an increase in SIM swapping attacks, where attackers trick cell providers into switching phone numbers to them. This allows attackers to bypass phone number 2FA and access accounts. Twitter’s very own CEO Jack Dorsey was a victim of a SIM swapping attack, which allowed hackers to take over his account for a brief period of time.