Twitter’s security practices are again under scrutiny in the wake of a hack of dozens of high profile users last month © AP

Twitter has revealed that it is under investigation by the Federal Trade Commission for improperly using its users’ phone numbers and email addresses to improve ad targeting, saying that it could have to pay a fine of as much as $250m. 

The social media company said in a regulatory filing on Monday that it had received a draft complaint from the agency alleging it violated a promise not to mislead consumers about the security of their data.

The cost of resolving the matter would likely be between $150m and $250m, the filing said. The FTC confirmed the investigation.

In October last year, Twitter admitted that it had “inadvertently” used personal information such as phone numbers and email addresses — provided by users for what they believed to be “safety and security practices” — to better target advertising between 2013 and 2019. 

The San Francisco-based company said at the time that it had used the information to match users to advertisers’ marketing lists. This was “an error”, it said.

The FTC has filed a draft complaint alleging Twitter breached a consent order it signed with the agency in 2011 to resolve previous charges that the company had put users’ privacy at risk. Those charges were levelled after hackers were able to gain access to Twitter’s internal controls, and therefore user accounts, on two separate occasions in 2009.

The consent order compelled the company not to “mislead consumers about the extent to which it protects the security, privacy, and confidentiality” of their data and “establish and maintain a comprehensive information security program”.

The revelation of the FTC investigation comes as Twitter’s security practices are once again under scrutiny in the wake of a hack of dozens of high-profile users last month, including celebrities, politicians and businesses. Some 130 accounts posted messages soliciting bitcoin, while a number of users had their data and private messages stolen, according to Twitter.

On Friday, US authorities charged three individuals in connection with the hack. They included a 17-year-old, described as its mastermind, who is alleged to have gained access to Twitter’s internal controls by tricking a company employee. 

Twitter’s most recent financial results showed revenues dropped 19 per cent year on year to $683m in the second quarter, and the company posted an adjusted net loss of $127m.

Twitter’s filing on Monday said that it had set aside $150m to cover the potential FTC penalty, in keeping with accounting guidelines.

“Following the announcement of our [second quarter] financial results, we received a draft complaint from the FTC alleging violations of our 2011 consent order,” a Twitter spokesperson said.

Additional reporting by Kadhim Shubber

Get alerts on Twitter Inc when a new story is published

Copyright The Financial Times Limited 2020. All rights reserved.
Reuse this content (opens in new window)

Follow the topics in this article