Twitter admits it used two-factor phone numbers and emails for serving targeted ads - 3 minutes read


Twitter admits it used two-factor phone numbers and emails for serving targeted ads – TechCrunch

Twitter has said it used phone numbers and email addresses, provided by users to set up two-factor authentication on their accounts, to serve targeted ads.

In a disclosure Tuesday, the social media giant said it did not know how many users were impacted.

The issue stemmed from the company’s tailored audiences program, which allows companies to target advertisements against their own marketing lists, such as phone numbers and email addresses. But Twitter found that when advertisers uploaded their marketing lists, it matched Twitter users to the phone numbers and email addresses users submitted to set up two-factor authentication on their account.

The issue was addressed as of September 17, the disclosure said.

Two-factor authentication is an important security feature that makes it far more difficult for hackers to break into user accounts. Although some use their phone number as a way to receive two-factor codes, it’s a method that has long been vulnerable to interception and SIM swapping attacks. Users should instead switch to Twitter’s authenticator-based two-factor.

Twitter finds itself in the same boat as Facebook, which last year was caught using users’ phone numbers and email addresses, which they gave Facebook for securing their accounts, for targeted advertising. The Federal Trade Commission fined the social networking giant $5 billion earlier this year and was prohibited from using the phone numbers it obtained for setting up two-factor for advertising.

For its part, Twitter said its ad targeting was “an error” and apologized.

It’s the latest in a number of security lapses at Twitter in the past year. Last year, the company admitted to storing passwords in plaintext, disclosed a phone number leak bug despite knowing about it for two years, and confirmed a location data leak in May.

In August, Twitter chief executive Jack Dorsey had his own account hacked.

Source: TechCrunch

Powered by NewsAPI.org

Keywords:

AdvertisingTechCrunchTwitterEmailUser (computing)Multi-factor authenticationUser (computing)AdvertisingCorporationSocial mediaUser (computing)CompanyCompanyAdvertisingMarketingEmailTwitterAdvertisingMarketingTwitterUser (computing)EmailUser (computing)Multi-factor authenticationUser (computing)Software project managementMulti-factor authenticationComputer securitySecurity hackerUser (computing)Multi-factor authenticationCryptographyVulnerability (computing)Subscriber identity moduleUser (computing)TwitterMulti-factor authenticationTwitterFacebookUser (computing)EmailFacebookUser (computing)Targeted advertisingFederal Trade CommissionSocial networking serviceMulti-factor authenticationAdvertisingTwitterAdvertisingSoftware bugComputer securityTwitterPasswordPlaintextSoftware bugData breachTwitterJack DorseyUser (computing)