Twitter used 2FA phone numbers for targeted advertising

By John E Dunn, Sophos

October 10, 2019

Does Twitter know your email address and your phone number?

Depending on how long ago you started using Twitter, it’s a near certainty the company has at least one of these – the email address – because people often hand that over when registering.

As for phone numbers (usually mobile numbers) these are entered to enable Twitter’s two-factor authentication (2FA) security, Login Verification.

We mention this because Twitter this week made the you have to be kidding admission that it might have “inadvertently” handed this data from some users to advertisers as part of the company’s Tailored Audiences system that targets users’ feeds with ads.

As apologies go, this one is unsatisfactory, particularly if you like Twitter but think ‘targeted’ ads sound intrusive:

We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again.

Twitter glosses over some of the detail so let’s explain how Tailored Audiences is supposed to work.


As many Twitter users will already know to their chagrin, Twitter posts ads to people’s feeds in the form of Promoted Tweets.

The advertiser logs into their ad account, chooses the Twitter demographic it wants to reach (country, language, device type, gender, and people who’ve tweeted about topics that interest the advertiser). The ad then appears in the feed of users meeting these criteria.

However, Twitter’s admission relates to a second type of targeting that sounds incredibly similar to what Facebook was accused of doing a year ago – allowing advertisers to match Twitter’s data to their own databases not simply to target uses but, hypothetically, to identify them too.

Terms of Use | Copyright © 2002 - 2019 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement