27 December 2019
Twitter has disclosed that it "inadvertently" used phone numbers and email addresses that users provided for two-factor authentication (2FA) to serve targeted ads. The company describes the situation as an error in which user data meant for authentication purposes was used by Twitter's Tailored Audiences and Partner Audiences advertising systems.
This definitely does not look good. In Twitter's own words, here is exactly what happened:
"When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes."
It is hard to say how many users were affected by this blunder, as Twitter says it does not know. That means there is no publicly known method to check whether you were one of the affected users. Twitter does mention that the issue was fixed on September 17th and that, as of now, it is not using a user's mobile number or email address for serving personalized advertisements.
As you might remember, this is exactly the same thing Facebook was caught doing last year. Facebook went on to say that if users did not want this to happen, they should not make use of phone number-based two-factor authentication. The same can be done with Twitter as well, but if you still want to use two-factor authentication, we would suggest going for a method based on authenticator apps.