- Twitter admitted to a colossal blunder, as they were sharing sensitive user data with numerous third parties.
- This comes only a month after the recent discovery of a similar incident, so it could be related.
- The FTC will definitely hop in now, and large fines are bound to hit Twitter for what they’ve done.
Twitter has admitted to having provided email addresses and phone numbers of its users to advertising partners. These third parties received the users’ sensitive security data by mistake, and Twitter published an apologetic message for this error. Moreover, they have clarified that they can’t tell how many people were impacted by this incident, so they are publishing it widely in an effort to at least be transparent about it. The problematic configuration was corrected on September 17, 2019, so if you created your Twitter account after this date, you are safe.
As the social media giant explains, they have used this data to confirm that their “Partner Audiences” and “Tailored Audiences” advertising systems were used in a secure context, targeting the people they were meant to. However, exposed email addresses and phone numbers can easily be used to compromise accounts, even those protected from attackers with two-factor authentication steps, so this was a catastrophic mistake. There are other ways to authenticate a user, and email addresses and phone numbers shouldn’t be Twitter’s first, or even hundredth, choice. Almost a month back, the account of Twitter’s CEO, Jack Dorsey, was taken over by SIM-swapping actors, which served as the perfect example of the dangers that sharing phone numbers entails.
A week after that high-profile incident, Twitter announced that some of their users’ data might have been shared with advertising partners without their permission. However, they specifically clarified that no sensitive information was involved in this unauthorized sharing of data. This could be an unrelated event, as Twitter assured us that they fixed the problem then. Possibly, they realized the additional misconfigurations later on, as their investigation unfolded and uncovered more problematic points.
Error or not, this incident serves as yet another example of why giant tech companies cannot be trusted with people’s data. The recent events will most probably push the US Federal Trade Commission to launch an investigation into what exactly happened, likely resulting in the imposition of a hefty fine. Of course, for the users who now have their phone numbers and email addresses shared with so many third parties, the damage has been done. If you want to at least try to protect your data in the future, go ahead and check your personalization and data settings, and uncheck all the boxes that you’ll find there.