The numbers to verify two factors were used for ads
Twitter is asking users to provide their phone numbers and email addresses to set up two-factor authentication, a feature that certifies a connection attempt by sending a unique password to the account holder number.
The method helps to protect your accounts from violations, but in this case, Twitter says that the numbers / emails given for 2FA were used for targeted advertising.
How were the phone numbers used?
Twitter, analyzing the error in one blog post, claimed it came from its tailored audiences program, which allows advertisers to display ads using their own marketing lists containing numbers and email addresses of people.
However, as the program progressed, the company found that when advertisers uploaded their list, users were linked to the numbers and emails they had downloaded for two-factor authentication.
Twitter said the error was "unintentional" and corrected on September 17.
The company also apologized for the issue, stating that no personal information from their accounts users has not shared with advertisers and has committed that there will be no similar incident in the future.
However, Twitter did not say how many people have been affected by this error.
It should be noted that this is not the first time the social network has been involved in cases security.
2018, the company had admitted storing 330 millions of users' passwords in plain text and leaking phone numbers, and had also breached location data last May.