Twitter, on Tuesday, disclosed it had allowed some users’ personal information, including email addresses and phone numbers, to be “inadvertently” used for advertising purposes through its “Tailored Access” program.
The company said no personal data was shared with its third-party partners, and the issue that allowed the misuse of personal information to occur had been addressed as of Sept. 17. The social media platrform did not know how many users were affected.
“We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again,” Twitter said in a statement.
The Tailored Audiences program was rolled out in late 2013 and let advertisers target customers based on the advertiser’s lists of emails or phone numbers.
“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize,” Twitter said.
The personal information, uploaded as part of two-factor authentication, was designed to make accounts more secure.
Last year, Facebook acknowledged it was using phone numbers, submitted as part of “two-factor authentication” systems, to let advertisers target users. Facebook was fined $5 billion by the Federal Trade Commission for various privacy failures and ordered to stop using phone numbers among other improvements to security oversight.
In May 2018, Twitter disclosed it had been storing user passwords in an unmasked form on an internal log, and suggested users change their passwords as a precaution, but the company said, at the time, that no information was misused. This summer, Twitter chief executive officer Jack Dorsey’s personal account was hacked by a group called the “Chuckle Squad” that sent offensive messages to Dorsey’s 4.2 million followers.
The company’s stock was down 0.5% in mid-morning trading Wednesday.