Twitter has admitted that it “inadvertently” used an unknown number of email addresses and phone numbers that had been provided by users solely for the purpose of enabling multi-factor authentication, for targeted advertising. The social media firm assured that “no personal data was ever shared externally with our partners or any other third parties.”
Twitter has provided very little information about the breach, but claimed the problem has been resolved “as of Sept. 17.” The company did not explain why it waited almost a month to disclose the incident. Privacy advocates are criticizing Twitter for the breach, with some arguing that the company has abused user data in a similar way as Facebook did in the past, which resulted in the United States Federal Trade Commission (FTC) slapping a record $5 billion fine on the social media giant.