Twitter on Tuesday disclosed that it "inadvertently" misused used users' phone numbers and email addresses for ad targeting purposes, even though users gave that information to Twitter to boost their account security.
The disclosure – which apparently came a month after it was resolved by Twitter – is only the latest instance in which a tech company has used phone numbers for advertising purposes.
Earlier this year, the Federal Trade Commission (FTC) said Facebook is "prohibited" from using phone numbers obtained for security purposes for advertising as part of the agency's record-shattering $5 billion settlement with the company.
On Tuesday, Twitter said it is revealing the misuse in "an effort to be transparent."
"We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware," Twitter wrote in a blog post.
The company said it had "addressed" the issue as of September 17 but did not not when it became aware phone numbers and email addresses were being misused.
Users offered the sensitive personal information for safety and security purposes like two-factor authentication. But it was ultimately used by Twitter's ad-targeting system, which allows advertisers to tailor their audiences according to "the advertiser's own marketing lists (e.g., email addresses or phone numbers they have compiled)."
"When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes," the company wrote. "This was an error and we apologize."
The FTC settled with Twitter in 2011 over allegations that it had deceived customers and put their personal privacy at risk.
The top social media companies in the country have faced a barrage of privacy scandals over the past several years as consumers become more wary of how their information is being collected and used for advertising purposes. While Facebook has dealt with the highest-profile hacks and breaches, companies like Twitter and Google have faced scrutiny over how they collect and utilize user data.
The U.S. does not currently have a comprehensive federal privacy law, but lawmakers in the House and Senate are working to draw up legislation that would define for companies what they are required to disclose about their data collection practices and how they can utilize information the information they collect about users.