Twitter Admits to Using Personal Info for Targeted Ads

Now that it has come out clean about this gaffe, users may want to watch out for similar other authentication measures that the microblogging site may want in the future

 

Talk about timing! Just when we at Techtree.com wrote about apps wanting users to re-verify their mobile numbers and email addresses, here comes news of Twitter admitting that for long it was using two-factor phone numbers and emails to serve up targeted ads to users – in other words, the social media platform had sold its data to anyone who could afford it.

The microblogging monolith revealed that in a disclosure that it was unaware of how many of its users were affected by this malaise. Of course, it goes on to say that the issue has been addressed as on September 17 and apologizes for the breach (of trust or of security protocols?) and would ensure that it doesn’t happen again.

Before we get into the ethics of things, let’s first understand what exactly happened.

The company runs a tailored audiences program that allows companies to target advertisements by matching user data with their own marketing lists comprising phone numbers and email addresses. The feature, which existed with Twitter and Facebook for some time seems to have allowed advertisers access to data that Twitterati used to set up two-factor authentication of their account.

At first glance, nothing seems to be wrong with this. However, juxtaposed with the fact that two-factor authentication was a security feature meant to ensure that it made hacking tougher, the entire scenario changes. Of course, the use of phones as a receptor of two-factor codes has been questioned by security experts, given that it is vulnerable to interception and SIM swap attacks. Which is where Twitter’s authenticator-based solution came in handy.

However, with the latest revelation, the entire process seems to have been disastrous. On its part Twitter sought to allay fears of data leakage or its sharing without proper user approvals.

“We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware. No personal data was ever shared externally with our partners or any other third parties. As of September 17, we have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising,” Twitter said in its latest post.

The company finds itself in the unenviable position of sharing stage with Facebook which last year faced the ire of users for sharing their phone numbers and email addresses that were provided for securing their accounts. In an article published on TechCrunch.com had quoted Facebook’s admission following a story published on Gizmodo that revealed this practice. Facebook was fined a whopping $5 billion by the US Federal Trade Commission for this.

Twitter has been in the eye of the storm for almost a year now after reports came of the company storing passwords in plaintext and thereafter disclosed a phone number data leak that had been happening for years and then added insult to injury by revealing the leak of user location data earlier in May this year.

Of course, the icing on the cake was Twitter head honcho Jack Dorsey getting his own account hacked!


TAGS: Twitter, Facebook, Data, Leak, Advertising