Twitter is expecting a $250 million fine for misleading users over data use

Twitter has revealed it is expecting a $250 million (£192 million) fine from the US Federal Trade Commission (FTC) for misleading users over the use of their data.  

The social media giant used phone numbers and emails for targeted advertising between 2013 and 2019, the FTC alleges.  

Twitter had already admitted to email addresses and phone numbers being used for advertising purposes last year but said it was done inadvertently.   

Twitter generally requests users’ phone numbers and emails for security purposes, including two-factor authentication. 

The company is already recovering from a high-profile security breach last month, which it said could have an ‘adverse impact’ on business and reputation. 


The US Federal Trade Commission is probing Twitter Inc for alleged violations of a law that prevents the social network from using personal data provided for security purposes to target ads

‘On July 28, 2020, the Company received a draft complaint from the Federal Trade Commission (FTC) alleging violations of the Company’s 2011 consent order with the FTC and the FTC Act,’ Twitter said in its 10-Q filing with the US Securities and Exchange Commission. 

‘The allegations relate to the Company’s use of phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019. 

‘The matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome.’ 

According to the filing from Twitter, the FTC’s complaint, lodged last month, could result in a loss of between $150 million and $250 million. 

The FTC allegation followed the announcement of Twitter’s Q2 financial results, released the week prior on July 23.

‘We received a draft complaint from the FTC alleging violations of our 2011 consent order,’ the company told MailOnline. 

Pictured, Twitter CEO and co-founder Jack Dorsey. According to a regulatory filing from Twitter, the FTC's complaint, lodged last month, could result in a loss of between $150 million and $250 million


‘Following standard accounting rules we included an estimated range for settlement in our 10Q filed on August 3.’  

The expected fine relates to an alleged violation of Twitter’s 2011 agreement with the FTC to no longer mislead its users over the use of personal information.

Before the agreement was signed, the FTC alleged that ‘serious lapses’ in Twitter’s data security allowed hackers to obtain unauthorised control of the site.

This included access to non-public user information such as messages, tweets that consumers had designated as private and the ability to ‘send out phoney tweets from any account’.  

Twitter disclosed the practice of using phone numbers and emails for advertising last October but said it was done ‘inadvertently’ and apologised for the ‘error’. 

‘We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication),’ it said in a blog post at the time. 

‘This data may have inadvertently been used for advertising purposes, specifically in our and Partner Audiences advertising system.’

Twitter didn’t reveal how long the practice had been going on for in the post.  

On Twitter, phone numbers were intended to set up two-factor authentication, to help users secure their account from would-be hackers.

If a password is entered incorrectly too many times or Twitter detects a sign-in on a new device that hasn’t been associated with one’s account, the company sends a code to a registered phone number or email address.

However, the company revealed that it inadvertently used the information to help match users’ accounts with stores they may have shopped at.

This allowed ad partners that had access to a person’s phone number – such as a retailer with a rewards program – to match that number with a customer’s Twitter account and advertise directly on the platform.

Twitter said that around 130 accounts were affected in a high-profile hack towards the end of July


‘When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes,’ Twitter said back in October. 

‘This was an error and we apologise.’          

Twitter’s privacy policy reads: ‘We believe you should always know what data we collect from you and how we use it, and that you should have meaningful control over both.’ 

The news regarding targeted advertising follows Twitter’s high-profile security breach last month, which targeted 130 user accounts.  

Twitter said it is ‘continuing to assess what other malicious activity the attackers may have conducted’ in this week’s filing to the US Securities and Exchange Commission.

TWITTER REELS FROM HIGH-PROFILE USER HACK 

Twitter confirmed in July that some 130 accounts were hacked during the most serious breach of its security in history.

Joe Biden, Bill Gates, Barack Obama and Elon Musk were among those targeted, with the hackers posting messages on their accounts suggesting followers make ‘donations’ via Bitcoin.  

Millions of followers were told that, in the spirit of generosity, they would double anyone’s Bitcoin ‘for the next 30 minutes’.

Some were duped, sending Bitcoin payments and expecting a double return that never arrived. 

It was reported that the hacker had gained access to a Twitter ‘admin’ tool on the company’s network, which allowed them to hijack high-profile Twitter accounts. 

Jack Dorsey, CEO of Twitter, said everyone at the company ‘feels terrible’ about the breach.

‘Tough day for us at Twitter. We all feel terrible this happened,’ he tweeted on July 16. 

Hackers involved in the high-profile hijacking of Twitter accounts were a group of young pals with no links to state or organized crime, according to one report.

The attack, investigated by Twitter and the FBI, started with a playful message between hackers on the platform Discord, a chat service popular with gamers, according to the New York Times.

Cybersecurity experts were stunned by the startling revelation that the breach, unprecedented in scale for the social media site, seemingly amounted to youthful hijinks.   

In a new filing to the US Securities and Exchange Commission in early August, Twitter said the breach ‘may have harmed the people and accounts affected by it’. 

‘It may also impact the market perception of the effectiveness of our security measures, and people may lose trust and confidence in us, decrease the use of our products and services or stop using our products and services in their entirety. 

‘It may also result in damage to our reputation, loss of accounts, loss of content or platform partners, loss of advertisers or advertising revenue, or legal and financial exposure, including legal claims, regulatory inquiries or other proceedings. 

‘Any of these effects could have a material and adverse impact on our business, reputation and operating results.’

 
