Twitter to Pay $150 Million Fine Over Using Phone Numbers for Targeted Ads

FTC says personal data collected by Twitter for security purposes was also used for targeted advertising.

Corinne Reichert Senior Editor
Corinne Reichert (she/her) grew up in Sydney, Australia and moved to California in 2019. She holds degrees in law and communications, and currently writes news, analysis and features for CNET across the topics of electric vehicles, broadband networks, mobile devices, big tech, artificial intelligence, home technology and entertainment. In her spare time, she watches soccer games and F1 races, and goes to Disneyland as often as possible.
Expertise News | Mobile | Broadband | 5G | Home tech | Streaming services | Entertainment | AI | Policy | Business | Politics Credentials
  • I've been covering technology and mobile for 12 years, first as a telecommunications reporter and assistant editor at ZDNet in Australia, then as CNET's West Coast head of breaking news, and now in the Thought Leadership team.
Corinne Reichert
2 min read
Blue Twitter logo with bird displayed on phone against a pink background
Sarah Tew/CNET

Twitter is paying a $150 million penalty as part of a settlement over the US Federal Trade Commission's allegations that it used account security data like phone numbers and email addresses to target advertising at users. 

The company had told users their phone numbers and emails would be used to protect their accounts with two-factor authentication, but then also used them for advertising purposes between 2014 and 2019, the FTC said Wednesday.

"Twitter obtained data from users on the pretext of harnessing it for security purposes, but then ended up also using the data to target users with ads," FTC Chair Lina Khan said in a statement. "This practice affected more than 140 million Twitter users, while boosting Twitter's primary source of revenue."

The conduct violated the FTC Act and the 2011 Commission Act. It also violated the EU-US Privacy Shield and the Swiss-US Privacy Shield agreements, according to the FTC.

Twitter said some of the data was "inadvertently" used for advertising purposes.

"Keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way," Twitter said in a blog post. "In reaching this settlement, we have paid a $150M penalty, and we have aligned with the agency on operational updates and program enhancements to ensure that people's personal data remains secure and their privacy protected."

Along with agreeing to pay the $150 million penalty, Twitter is prohibited from "profiting from deceptively collected data" and must allow users to use other two-factor methods like security keys and apps. Twitter must also notify its users that it misused their personal data.