Twitter may face a fine of up to $250 million for using phone numbers and emails from its users to target advertising, according to a new filing with the Federal Trade Commission (FTC).
The social media giant submitted the regulatory filing with the FTC on Tuesday estimating that it could be fined by the federal government between $150 million and $250 million, according to CNN. The FTC alleged in a complaint given to the company last month that Twitter used data “provided for safety and security purposes for targeted advertising during periods between 2013 and 2019.”
In an October blog post, Twitter said it “recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes.” On July 24, the FTC announced that it had settled a case against Facebook over similar charges. Facebook agreed to pay the federal government $5 billion, the largest fine in FTC history.
The filing comes about two weeks after a 17-year-old and two accomplices allegedly hacked dozens of the most prominent accounts on Twitter, including people such as former President Barack Obama, presumptive Democratic presidential nominee Joe Biden, rapper Kanye West, and Tesla CEO Elon Musk. The hack also hit the brand accounts of businesses such as Apple and Uber.
Twitter CEO Jack Dorsey took heat over the security breach that allowed an anonymous hacker to take over more than 100 accounts of the world’s most prominent people. Sen. Josh Hawley (R-MO) wrote to Dorsey after the hack in a July 15 letter:
I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself. As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service. A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.
“Please reach out immediately to the Department of Justice and the Federal Bureau of Investigation and take any necessary measures to secure the site before this breach expands,” Hawley continued.
Federal authorities charged 17-year-old Graham Ivan Clark of Florida in the hack on Friday, as well as 22-year-old Nima Fazeli of Florida, and Mason Sheppard of the United Kingdom. Sheppard was 19 when he was charged on Friday, according to The Wall Street Journal.
Clark allegedly gained access to prominent accounts and used each to post a message to send Bitcoin to an online address.
“I am giving back to my community due to COVID-19. All bitcoin sent to my address below will be sent back doubled,” a message repeated across Twitter’s most highly trafficked accounts said. The scam fooled an estimated 400 people, according to federal prosecutors.