Early Prime Day Deals Laptop Recommendations AT&T vs. Xfinity Prime Day Deals on TVs 4th of July Sales Best iPhone VPN 2023 Acura Integra Review Best Fitbits

Twitter to Pay $150 Million Fine Over Using Phone Numbers for Targeted Ads

FTC says personal data collected by Twitter for security purposes was also used for targeted advertising.

Blue Twitter logo with bird displayed on phone against a pink background
Sarah Tew/CNET

Twitter is paying a $150 million penalty as part of a settlement over the US Federal Trade Commission's allegations that it used account security data like phone numbers and email addresses to target advertising at users. 

The company had told users their phone numbers and emails would be used to protect their accounts with two-factor authentication, but then also used them for advertising purposes between 2014 and 2019, the FTC said Wednesday.

"Twitter obtained data from users on the pretext of harnessing it for security purposes, but then ended up also using the data to target users with ads," FTC Chair Lina Khan said in a statement. "This practice affected more than 140 million Twitter users, while boosting Twitter's primary source of revenue."

The conduct violated the FTC Act and the 2011 Commission Act. It also violated the EU-US Privacy Shield and the Swiss-US Privacy Shield agreements, according to the FTC.

Twitter said some of the data was "inadvertently" used for advertising purposes.

"Keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way," Twitter said in a blog post. "In reaching this settlement, we have paid a $150M penalty, and we have aligned with the agency on operational updates and program enhancements to ensure that people's personal data remains secure and their privacy protected."

Along with agreeing to pay the $150 million penalty, Twitter is prohibited from "profiting from deceptively collected data" and must allow users to use other two-factor methods like security keys and apps. Twitter must also notify its users that it misused their personal data.