View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 9, 2019

Twitter: Whoops – We “Inadvertently” Used Your 2FA Details for Marketing

"We cannot say with certainty how many people were impacted by this"

By CBR Staff Writer

Ireland’s data commissioner says it is trying to “establish further details” from Twitter, after the company this week admitted it had “inadvertently” used users’ phone numbers and emails – provided for 2FA security purposes – to help serve targeted ads.

In an undated notice tucked away on its help centre page, Twitter said “we cannot say with certainty how many people were impacted by this”.

Twitter 2FA Apology: Follows Facebook’s Fine

The company is the latest social media platform to be caught deploying users’ personal details for purposes they have not explicitly agreed to.

Facebook was hit with a record $5 billion fine by the US’s FTC in July for privacy abuses that included exactly the same thing. As part of the Department of Justice’s requirements in a 20-year settlement was a blanket ban on the practice.

Twitter’s European operations are headquartered in Ireland and any European data breaches are the responsibility of Irish data commissioner.

Its office told Cmputer Business Review: “Twitter has contacted us in relation to this issue and we are currently engaging with them to establish further details.”

Read More: Facebook Fined a Record $5 Billion – FTC Commissioner Slams “Blanket Immunity” for Zuckerberg, Sandberg

Twitter said in the post that it had “recently discovered,” that when users had provided the platform with mobile numbers and email address in order to reinforce their personal security, it was matching those details with third-party marketing lists.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Twitter are maintaining that this was not intentionally done stating that “This data may have inadvertently been used for advertising purposes.”

See also: Rolling Out 2FA: The Simple Step Your Business Should Take to Improve Security

Twitter touts its ‘Tailored Audiences’ feature to advertisers, which helps marketers target specific Twitter users.

Company typically come armed with a marketing database that often contains email or mobile numbers they have independently collated.

Twitter admitted that: “When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes.”

Twitter Data Breach Uncertainty

According to them the Twitter 2FA issue is fixed as of September 17, 2019.

The company doesn’t say why the personal data was not in a segregated location or system, or why users were not notified that this may happen, simply commenting cryptically: “We have addressed the issue that allowed this to occur.”

In the European Union this issue, if investigated, will most likely be handled by the Irish Data Protection Commissioner Helen Dixon, who is already in the process of deciding a decision against Facebook and Twitter regarding previous data breaches.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.