Privacy scandals involving large social media companies are becoming more frequent. This time, web application security specialists report that the phone numbers used for multi-factor authentication and the email addresses linked to Twitter users' accounts were “inadvertently” used for advertising purposes. The alleged error was revealed on the company’s official blog.
In its post, Twitter points out that it is not yet possible to determine the scope of the incident, so it decided to inform all users. “Personal data protected by Twitter has not been and will never be shared externally with our partners or any other third party,” the company’s message adds.
But what exactly happened here? According to web application security experts, when advertisers uploaded their marketing lists to Twitter, this information could have been matched with users of the social network based on their email addresses and phone numbers. Apparently, Twitter had known about this since September 17th.
“We deeply regret that this has happened. Right now our teams are taking the necessary steps to make sure this doesn’t happen again in the future,” Twitter’s message concludes.
Although Facebook and its various services usually grab the front-page headlines with such incidents, Twitter has also been caught up in some security and privacy scandals recently. A couple of months ago the Twitter account of Jack Dorsey, CEO of the company, was hacked by an unidentified threat actor, who used it to post racist and ultra-nationalist messages.
According to web application security specialists from the International Institute of Cyber Security (IICS), Dorsey’s account was hacked by exploiting a Twitter feature that allowed users to post a tweet by sending a text message (SMS) when they had no access to the app or website. Some members of the cybersecurity community had already pointed out the security deficiencies in that feature; still, the social network did not start correcting these flaws until its CEO was hacked.