Twitter used people’s private information to help
third-party advertisers target the right users by mistake, the company said in
an announcement. The social media firm claims that it stopped this practice,
but it makes no mention of what happens now with the data already used.
This blog is regularly advising
people to use multi-factor authentication and other measures to enhance the
security of their online accounts. Losing your Twitter account to someone from
the other side of the planet is never fun, but securing your credentials makes
your data safe. Or so Twitter led people to believe.
Twitter, like any other social network, makes its money
from advertising. Two programs, Tailored Audiences and Partner Audiences, offer
third-party companies a way to target people who have already expressed some
interest in certain products. It made sense from a business perspective, but
what happened next didn’t.
“When an advertiser uploaded their marketing list,
we may have matched people on Twitter to their list based on the email or phone
number the Twitter account holder provided for safety and security purposes.
This was an error and we apologize,” Twitter said in the announcement.
Users’ phone numbers and emails, especially the ones
provided for security purposes, should remain private. But Twitter used that
data to target people with ads, without their consent.
“We cannot say with certainty how many people were
impacted by this, but in an effort to be transparent, we wanted to make
everyone aware,” the company added.
To sum up the situation. Twitter says it used phone
numbers and email addresses from an unknown number of accounts to help an
unknown number of companies target people with ads.
There’s some good news, if we can call it that. As of
September 17th, this practice is no longer in use. The company says anything
collected for security purposes is no longer used for advertising.
The flip side is that Twitter offered advertising
companies really good telemetry, and there may be no turning back from that.
Twitter was in hot water before when a report
unveiled that the passwords for all the accounts were logged in plaintext
before being hashed, prompting the company to advise everyone to change their