Twitter Fined $150M for Security Data MisuseTwitter Fined $150M for Security Data Misuse
Twitter is charged with using emails and phone numbers ostensibly collected for account security to sell targeted ads.
May 26, 2022
The Federal Trade Commission (FTC) has issued a $150 million fine against Twitter for misrepresenting its security and privacy practices.
The FTC, in cooperation with the Department of Justice (DoJ), says that Twitter has been using the email addresses and phone numbers it collects from users to enable two-factor authentication to serve targeted advertising.
In addition to the fine for the violation, Twitter has been given a list of do's and don'ts: It's prohibited from making a profit on data collected under the guise of security; it must allow users to use mobile authentication apps and security keys for multifactor authentication, which don't require a user to provide their phone number; it must notify users if their data has been misused; it must implement a comprehensive information security policy; it must limit employee access to personal user data; and it must notify the FTC of any company breaches.
“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads," said FTC Chair Lina M. Khan in a statement about the Twitter security data misuse ruling. "This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks