Twitter has Shared User Emails and Phone Numbers With Advertisers

Last updated September 25, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

Twitter has admitted to having provided email addresses and phone numbers of its users to advertising partners. These third parties have received the users’ sensitive security data by mistake, and Twitter published an apologetic message for this error. Moreover, they have clarified that they can’t tell how many people were impacted by this incident, so they are publishing it widely in an effort to at least be transparent about it. The problematic configuration was corrected on September 17, 2019, so if you have created your Twitter account after this date, you are safe.

As the social media giant explains, they have used this data to confirm that their “Partner Audiences” and “Tailored Audiences” advertising systems were used in a secure context, targeting the people they were meant to. However, email addresses and phone numbers can easily compromise accounts that are protected from attackers with two-factor authentication steps, so this was a catastrophic mistake. There are other ways to authenticate a user, and email addresses and phone numbers shouldn’t be Twitter’s first, or even hundredth choice. Almost a month back, the account of Twitter’s CEO, Jack Dorsey, was taken over by SIM-swapping actors, which served as the perfect example of the dangers that sharing phone numbers entail.

A week after that high-profile incident, Twitter announced that some of their users’ data might have been shared with advertising partners without their permission. However, they specifically clarified that no sensitive information was involved in this unauthorized sharing of data. This could be an unrelated event, as Twitter assured us that they fixed the problem then. Possibly, they realized the additional misconfigurations later on, as their investigation unfolded and uncovered more problematic points.

Error or not, this incident serves as yet another example of why giant tech companies cannot be trusted with people’s data. The recent events will most probably push the US Federal Trade Commission to launch an investigation on what exactly happened, likely resulting in the imposition of a hefty fine. Of course, for the users who now have their phone numbers and email addresses shared with so many third parties, the damage has been done. If you want to at least try to do something to protect your data in the future maybe, go ahead and check your personalization and data settings, and uncheck all boxes that you’ll find there.

Do you still trust Twitter, or do you prefer to use a different social media platform? Let us know of your preference in the comments down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: