The company maintained that it never shared “personal data” with partners or other outsiders, and that it had resolved the problem as of September 17th. It’s also “taking steps” to ensure this doesn’t happen again. Twitter didn’t know how many people might have been affected, though, and was reporting this primarily to be “transparent” about what happened.
This isn’t likely to go over well with critics when Facebook caught flak just over a year earlier for using phone numbers for ad targeting. Whether or not Twitter intended to use phone numbers, the effect is the same — it was using sensitive account details for ad targeting without users’ knowledge or permission. Regulators may be concerned enough to take a look, especially since they just finished slapping Facebook with fines for its own less-than-careful approach to user data.