Twitter has confirmed that it is under investigation by the US Federal Trade Commission (FTC) for potentially misusing people's personal information to serve ads, adding that it faced fines of $150 million to $250 million (€127.5 million to €212.5 million).
In a corporate filing, Twitter disclosed that the FTC began the investigation last October after it had linked a database of its users’ personal information, which it had for security purposes, with a system used by advertising partners.
The action, which Twitter said was inadvertent, may have violated a 2011 agreement that the company signed with the FTC over consumer privacy.
At the time, Twitter had agreed to a settlement with the agency after hackers had gained administrative control of the social media service on multiple occasions. Under the agreement, Twitter was restricted from misleading people about the measures it took to protect their security and privacy.
An FTC spokeswoman declined to comment on the investigation. Brandon Borrman, a Twitter spokesman, said the company was contacted by the FTC after it reported quarterly financial results on July 23rd. The investigation was disclosed in accordance with "standard accounting rules" and was included in a filing with the Securities and Exchange Commission, he added.
Two-factor authentication
Twitter encourages people to provide their phone numbers so that it can add a second step to the login process, called two-factor authentication, which ensures that users receive a text message before gaining access to their own account.
But the phone numbers also ended up in a system that allowed advertisers to tailor their ads to specific audiences, the company said. It was unclear how many people were affected, Twitter said.
“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes,” the company said in an October blog post that disclosed the incident.
Twitter's security practices have recently been under scrutiny for other reasons. Last month, hackers took over dozens of Twitter accounts and sent tweets from the accounts of prominent individuals, including former US president Barack Obama and reality television star Kim Kardashian West, to gain bitcoins. – New York Times