Facepalm: Twitter this week said it recently realized that some e-mail addresses and phone numbers submitted for account security purposes (two-factor authentication, for example) may have actually been used for targeted advertising purposes.

Specifically, Twitter’s Tailored Audiences and Partner Audiences advertising systems may have been leveraged in the scheme. These programs allow advertisers to target ads to customers based on either their own custom contact lists or those provided by a third party.


Twitter said that when an advertiser uploaded their marketing list, they “may have” cross-referenced e-mail addresses and phone numbers in their database (those provided for security purposes) with advertisers’ marketing lists. If a match is made, that’s a strong indicator that you are more likely to engage with an advertiser's marketing messages. Thus, that advertiser goes out of its way to make sure you get its messages.

The concern here is two-fold. First, those e-mail addresses and phone numbers weren’t provided for advertising use but rather, security. Furthermore, and perhaps more worrisome, is the fact that cross-referencing could be used to uncover the identity of Twitter users that wish to remain anonymous.

Twitter said it isn’t sure how many people were impacted by this activity but noted that “no personal data was ever shared externally with our partners or any other third parties.” As of September 17, Twitter put a stop to the practice.

Masthead credit: Twitter logo by Tero Vesalainen