Twitter has disclosed that it unknowingly used user credentials like phone numbers and e-mails for targeted advertising.
The statement was made in an official blog-post released on Tuesday, 8 October. The social media site confessed that the phone numbers and e-mails its users extended for security purposes such as 2-factor authentication were found being used “inadvertently” for ads.
Twitter holds that the culprits are their Tailored Advertising and Partner Audiences systems, which were set in place to facilitate targeted advertising on the site.
Tailored Audience is a system through which advertisers can use their own marketing lists made up of credentials such as phone numbers, e-mail addresses, or @handles to target ads at specific users. In other words, the data belongs to the advertiser in question, instead of a third party.
On the other hand, Partner Audiences makes the use of data from third-party services to compile marketing lists.
At the moment, Twitter is unsure about the number of users affected by this slip-up.
How twitter ads really work
Twitter is reportedly having over 321 million monthly active users, However, from Q2 2019, the social media platform has stopped reporting the total number of its active user base. Instead, it disclosed only the monetisable active users – which makes more sense for advertisers. Twitter’s average monetizable daily active user base was 139 million by the end of Q2 2019, up 5 million sequentially and up 14% compared with 122 million in the same period a year ago
Twitter has maintained considerable transparency about how it advertises and the way advertisements reach an audience. Despite this, some might still feel uneasy about the full scope of methods used to pin down an audience.
Twitter advertises mainly through Promoted Tweets, Promoted Accounts, and Promoted Trends.
Each and every users’ activities get tracked. This largely includes Tweets, search history, following lists, accounts & tweets one interacts with, device location (if available) and IP address, as well as other device apps. The purpose behind this is to gain a full picture of a user’s habits. However, Twitter also uses data collected from third parties, collected by tracking activities such as sites one visits, or their actions across various different devices.
Nonetheless, it seems users still have some control over the use and tracking of their data. Twitter updated its privacy policies in 2018 in compliance with the General Data Protection Act (GDPR).
Not the first breach of trust for Twitter
This blunder isn’t the first breach of trust Twitter has made.
Earlier this year, Twitter admitted to having a bug from 2014 that left private tweets exposed for more than 4 years.
Another bug in 2018 stored user passwords in plaintext before they got encrypted by the system.
Such privacy issues have become great causes for concern in recent times, in light of growing awareness about the kinds of effects leaked data can have. The Facebook Cambridge Analytica Scandal was one such alarming example. It showed that misused data could very well influence the election of a political candidate. Another such example is the recent leak of the data of almost all citizens of Ecuador.
Regarding the issue at hand, Twitter stated that it has been resolved as of September 17, 2019. It also expressed deep apologies for the oversight. It guarantees that none of the users’ data reached external sources.