A friendly reminder: every time you give your data to a company, no matter what they say it’s for, it could end up being used for other purposes—specifically, other profit-driven purposes.
For example: On Tuesday, Twitter said in a statement that it accidentally ingested phone numbers and email addresses collected for security measures like two-factor into two of its advertising systems, called Tailored Audiences and Partner Audiences. The company didn’t give the information directly to marketers, but used it to help them target ads to Twitter users. Twitter stopped the data bleed on September 17, three weeks before coming forward about it. It’s not clear for how long the improper sharing had taken place prior, and Twitter says it doesn’t know how many users were affected.
“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize,” the company wrote in its statement. “We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again.”
Bugs and mistakes happen, but when it comes to misuse of information users provide for security services, it’s becoming obvious that companies aren’t prioritizing user privacy and security ahead of their business goals.
Source : Wired.com