Twitter Misused Private Security Info to Help Advertisers

A sign is posted on the exterior of the Twitter headquarters on February 5, 2014, in San Francisco, California.
Photo: Justin Sullivan / Getty

Twitter says it inadvertently used private information, provided by users for the purpose of protecting their accounts, to help companies target them with ads.

Users provided Twitter with their phone numbers and email addresses in order to enable certain security features, such as two-factor authentication, to prevent their accounts from being hijacked. Twitter, in turn, used that information to help advertisers reach specific audiences, the company said in a statement on Tuesday.


“We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware. No personal data was ever shared externally with our partners or any other third parties,” the company said.

The personal data was used in Twitter’s “Tailored Audiences” advertising system, which allows companies to upload lists of phone numbers and email addresses of people they wish to target with ads. Twitter then matches the lists with its own internal records.

Twitter said the error that allowed the security information to be used was fixed as of September 17. It did not say how long the error was ongoing. A company spokesperson said it had nothing further to share regarding the timeline beyond what’s in its statement.


“We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again,” it said in a statement.

Twitter is not the first social media company to use contact information provided by users for security purposes in order to make money. Gizmodo revealed that Facebook was intentionally doing so last year.


Share This Story

Get our newsletter

About the author

Dell Cameron

Privacy, security, tech policy | Got a tip? Email: | Send me encrypted texts using Signal: (202)556-0846

PGP Fingerprint: A70D 517E FB9A 02C9 C56E 86D5 877E 64E7 10DF A8AEPGP Key
OTR Fingerprint: 2374A8EA 6D2B7712 0D82D659 C0FE8253 A3F080FD