Twitter said on Tuesday that it inadvertently helped advertisers target ads using personal data users provided for account security.
The company said in a statement on its blog that the data used for targeting included email addresses and phone numbers—information likely provided by users to set up two-factor authentication protection for their accounts.
In its statement posted today, Twitter said the personal data in question was used in the “Tailored Audiences” feature it offers advertisers. That feature is similar to Facebook’s “Custom Audiences,” which allows advertisers to upload their own customer lists to find groups of similar prospective customers on the social media site.
“We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware,” the statement reads. “No personal data was ever shared externally with our partners or any other third parties.” The statement said the targeting was an error, and offered an apology.
It wasn’t long ago—August 6 to be exact—that Twitter reported that it might have shared data on people who clicked ads for mobile apps since May 2018 with advertisers and analytics firms, without gaining permission from users. Last year, Facebook also confirmed that it used information provided for two-factor authentication to target ads, as Twitter has now acknowledged doing.