This is such a bad look for Twitter:
“The site said it may have inadvertently used email addresses and phone numbers provided for 2FA and other security purposes to match users to marketing lists provided by advertisers. ”
Privacy and security advocates have enough of a hill to climb to get people to implement something like two-factor authentication, without you giving users a legitimate reason to NOT use it.
For shame Twitter, and every other social media company that uses information that was provided in the name of security, or account recovery, etc. to enhance their marketing efforts. I guess we shouldn’t really be surprised though, that is the business model.
Now, in it’s defense, Twitter says the mixing of the two types of data was “inadvertent”, but that’s one of those things that doesn’t necessarily help me feel better about it. The reason is that somewhere, someone inside of Twitter, made the decision to take the information that had been provided for account security, and match it up with marketing lists. Someone thought that was no big deal. Someone with access to that much information about their users. But what I don’t hear in Twitter’s apology is someone being held accountable for doing it, just a lot of “oops, sorry, we won’t do that any more”, which sounds more like a kid who got caught with their hand in the cookie jar than a company that had any safeguards in place to prevent it to start with. But, that’s just my opinion. Feel free to draw your own conclusions.