Twitter has apologised after misusing personal data for advertising purposes.

Twitter said that it “unintentionally” used phone numbers and email addresses for advertising purposes even though the information was provided by users for two-factor authentication.

No personal data was shared with the company’s third-party partners and said the “issue that allowed this to occur” has been addressed.

Twitter added that phone numbers and email addresses were now only collected for security purposes.

The company said in a statement: “We cannot say with certainty how many people were impacted by this. We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again.”

The email addresses and phone numbers provided for security reasons, such as two-factor identification, were exposed through its Tailored Audiences and Partner Audiences advertising systems.

Twitter added: “When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes.”

A secondary email address and phone number is added to an account by users to help secure their accounts. If a user logs into their Twitter account on a new PC, the company will send an email or text to your secondary email or phone number to confirm its you.

These additional email and phone numbers are not supposed to be passed on to other companies to be used for advertising or other purposes.

This poses a huge problem for Twitter in terms of trust and user confidence.

Breach

The company said they did not know how many people were affected by this breach but it has on average, 139 million daily users.

Two-factor authentication adds an additional layer of security to the authentication process by making it harder for hackers to gain access to your accounts.

“Tailored Audiences” is a version of an industry-standard product that allows advertisers to target ads to customers based on the advertiser’s own marketing lists, whereas  “Partner Audiences” allows advertisers to use the same “Tailored Audiences” features to target ads to audiences provided by third-party partners.

Statement

Twitter added in its statement: “When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize.”

This is not the first time Twitter has come under fire for a privacy lapse.

Last year, Twitter asked its users to change their passwords across its services after it discovered a bug that stored passwords in plain text in an internal system.

In August this year, hackers broke into Twitter CEO Jack Dorsey’s account and posted a flurry of rogue tweets, including racial slurs.

The micro-blogging platform then secured Dorsey’s account which became victim of ‘SIM swapping’ or ‘SIM jacking’ where a mobile number is transferred to a new SIM card.