By Kate Cox
Aug 4, 2020 9:20am
Twitter is facing a Federal Trade Commission probe and believes it will likely owe a fine of up to $250 million after being caught using phone numbers intended for two-factor authentication for advertising purposes.
The company received a draft complaint from the FTC on July 28, it disclosed in its regular quarterly filing with the Securities and Exchange commission. The complaint alleges that Twitter is in violation of its 2011 settlement with the FTC over the company’s “failure to safeguard personal information.”
That agreement included a provision banning Twitter from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.” In October 2019, however, Twitter admitted that phone numbers and email addresses users provided it with for the purpose of securing their accounts were also used “inadvertently” for advertising purposes between 2013 and 2019.
In the filing, Twitter estimates the “range of probable loss” it faces in the probe is between $150 million and $250 million, although it adds that “the matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome.”
A common problem
Twitter is not the first social media firm to be investigated for exploiting personal information users provided for security reasons. Last year, the FTC levied a record $5 billion fine on Facebook for repeated privacy violations.
Facebook in 2018 not only started pushing notifications to the phone numbers users provided for 2FA purposes but also was found to be using those numbers for a shadow profile which was used to connect other individuals and advertisers to you.
The bulk of the fine related to Facebook’s actions in the Cambridge Analytica scandal, but the FTC also included in its settlement allegations of exactly the same actions Twitter is now accused of. Facebook also settled with the FTC in 2011 over allegations that it misused users’ data, and its use of personal information provided to it for security purposes was found to violate that agreement.
* This article was automatically syndicated and expanded from Ars Technica.