Twitter is so sorry it 'inadvertently' used your 2FA phone number for ads

Twitter is, like, super sorry. 

The company announced today that it may have, by mistake, it promises, “inadvertently” used phone numbers submitted by some users for the intended purpose of account security to better target those users with ads. Oops!

Specifically, the company said that the email and phone numbers uploaded by some Twitter users for two-factor authentication had somehow ended up in its Tailored Audiences and Partner Audiences advertising systems. 

What does that mean, exactly? Well, let’s let Twitter explain. 

“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes,” explains the company’s blog post. 

This, dear reader, is not good. Exploiting a security feature — even unintentionally — to target people with ads is bound to erode users’ trust in said security feature. In other words, people might think twice about securing their accounts with 2FA if they fear Twitter is simply going to use that for other invasive purposes. 

Notably, there appears to be no way to determine if your email or phone number was misused in this way.

“We cannot say with certainty how many people were impacted by this,” notes Twitter, “but in an effort to be transparent, we wanted to make everyone aware.” 

This is not the first time a social media company has abused information ostensibly gathered for purposes of locking down accounts. In February of last year, Facebook spammed some users with text messages via the phone number they had uploaded to secure their account. 

But back to Twitter. 

“We’re very sorry this happened,” insists the above-linked blog post. 

So are we, Twitter. So are we.