Twitter “inadvertently” used phone numbers and email addresses of users which were used for account security purposes to target ads, the company said on Tuesday.
Twitter “inadvertently” used phone numbers and email addresses of users which were used for account security purposes to target ads, the company said on Tuesday.
Phone numbers/Email addresses submitted during Two-Factor authentication is mostly used in getting access to our accounts, making it insecure.
“We recently discovered that when you provide an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently used for advertising purposes, specifically in our Tailored Audiences and Partner audiences advertising system.” reads a post published by Twitter.
The problem was addressed on September 17, 2019.
Two-factor authentication
Phone number is to be used only for two-factor authentication, but Twitter has been used for more. Two-factor authentication is a very important security feature which makes the malicious actors difficult to break into user accounts. Users share email addresses and phone numbers with the company for safety and login verification purposes, such as two-factor authentication, which allows people to receive a one-time code that they input along with their password in order to access their account.
Most of them use their phone number as two-factor authentication which makes it far more vulnerable to interception and SIM swapping attacks. Users should intend to switch to Twitter’s authenticate-based two—factor.
Twitter's response
“We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware. No personal data was ever shared externally with our partners or any other third parties,” added Twitter.
“We are very sorry this happened and are taking steps to make sure we don’t make a mistake like this again”.
Twitter and Facebook on same boat
Earlier this year, Federal regulators penalised Facebook with $5billion fine for using phone numbers and email addresses submitted for two-factor authentication, to target advertising. In addition, also prohibited from using the phone numbers it obtained for setting up two-factor for advertising.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: EX – YAHOO EMPLOYEE SNEAKS INTO 6000 ACCOUNTS FOR SEXUAL CONTENT