Privacy scandals involving large social media companies are becoming more frequent nowadays. This time, web application security specialists report that the phone numbers used for multi-factor authentication and email addresses linked to the Twitter users accounts were “inadvertently” used for advertising purposes. The alleged error was revealed on the company’s official blog.
In their post Twitter points out that it is not
yet possible to determine the scope of the incident, so it was decided to
inform all users. “Personal data protected by Twitter has not been and
will never be shared externally with our partners or any other third
party,” the company’s message adds.
But what exactly happened here? According to
web application security experts, when advertisers uploaded their marketing
lists to Twitter, this information could have been matched with users of the
social network based on their email addresses and phone numbers. Apparently,
Twitter had known about this since September 17th.
“We deeply regret that this has happened.
Right now our teams are taking the necessary steps to make sure this doesn’t
happen again in the future,” Twitter’s message concludes.
Although Facebook and its various services
usually steal the first page of the newspaper with such incidents, Twitter has
also been wrapped in some security and privacy scandals recently. A couple of
months ago the Twitter account of Jack
Dorsey, CEO of the company, was hacked by an unidentified threat actor
to post messages of racist and ultra-nationalist content.
According to web application security
specialists from the International Institute of Cyber Security (IICS), Dorsey’s
account was hacked exploiting functionality on Twitter that allowed users to
send text messages (SMS) to post a tweet when not having access to the app or
website. Some members of the cybersecurity community had already pointed out
the security deficiencies in that feature; still, the social network started
correcting these flaws until its CEO was hacked.
