FTC fines Twitter $150M for using 2FA info for targeted advertising:
The Federal Trade Commission has fined Twitter $150 million for using phone numbers and email addresses collected to enable two-factor authentication for targeted advertising.
[...] This is a direct violation of the FTC Act and a 2011 Commission administrative order which banned the company from misrepresenting its security and privacy practices and profiting from deceptively collected data.
[...] Twitter apologized for using phone numbers and email addresses provided for account security like two-factor authentication for advertising in October 2019, saying they "may have been used accidentally for ad targeting."
"We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system," said the company at the time.
[...] Something very similar happened in 2018 when Facebook built complex advertising profiles for all its users with everything from their 2FA phone numbers to info harvested from their friends' profiles.
Facebook later used the users' 2FA phone numbers as an additional vector to deliver targeted ads.
Twitter to Pay $150 Million Privacy Fine as Elon Musk Deal Looms:
The FTC order also requires Twitter to notify affected consumers, alert the FTC of future data breaches and undergo independent security audits every other year for the next two decades. The company must provide users multi-factor authentication options that don't rely on phone numbers, a provision that the FTC has begun pushing this year.
The FTC approved the settlement by a unanimous 4-0 vote.
Related Stories
Twitter owner Elon Musk requested a meeting with Federal Trade Commission Chair Lina Khan late last year, but he was rebuffed and told to stop dragging his heels on providing documents and depositions needed for the FTC investigation into Twitter's privacy and data practices, a New York Times report said yesterday.
"In a Jan. 27 letter declining the meeting, Ms. Khan told a Twitter lawyer to focus on complying with investigators' demands for information before she would consider meeting with Mr. Musk," the NYT wrote.
Twitter has to comply with conditions in a May 2022 settlement in which it agreed to pay a $150 million penalty for targeting ads at users with phone numbers and email addresses collected from those users when they enabled two-factor authentication. Last year's settlement was reached after the FTC said Twitter violated the terms of a 2011 settlement that prohibited the company from misrepresenting its privacy and security practices.
Related:
FTC Fines Twitter $150M for Using 2FA Info for Targeted Advertising (20220527)
Twitter Faces FTC Probe, Likely Fine Over Use of Phone Numbers for Ads (20200804)
(Score: 4, Insightful) by captain normal on Friday May 27 2022, @03:44PM (4 children)
Well 150 million is .0034% of the 44 billion Elon offered to buy the mess. I guess them saying "we're sorry and we won't do it again...pinky swear" makes it "all good".
I'm glad I don't do twitter.
When life isn't going right, go left.
(Score: 3, Informative) by Anonymous Coward on Friday May 27 2022, @03:54PM
-nomsg
(Score: 3, Informative) by takyon on Friday May 27 2022, @10:22PM (2 children)
0.34%
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by captain normal on Saturday May 28 2022, @12:10AM (1 child)
Oops, I got to decimal equivalent (ie; 150 million / 44billion = ~.0034) and forgot to multiply by 100. Thanx...
When life isn't going right, go left.
(Score: 0) by Anonymous Coward on Saturday May 28 2022, @04:44AM
Eh, they both still round to zero, so chump change here.
(Score: 3, Interesting) by shrewdsheep on Friday May 27 2022, @04:00PM
Was this a regular FTC review (hard to believe) or some leak (was money involved?)?
(Score: 5, Insightful) by Anonymous Coward on Friday May 27 2022, @04:03PM (4 children)
If you think they actually care about your security, I've a very expensive IT security service that you might like to buy...
(Score: 5, Insightful) by Anonymous Coward on Friday May 27 2022, @04:31PM (1 child)
https://en.wikipedia.org/wiki/Website_Companies_Who_Honestly_Use_Your_Phone_Number [wikipedia.org]
The page "Website Companies Who Honestly Use Your Phone Number" does not exist. You can ask for it to be created, but consider checking the search results below to see whether the topic is already covered.
(Score: 1) by unauthorized on Friday May 27 2022, @07:43PM
Ah, fun with Wikipedia. It's a shame their changed their incomplete list template, always gave me a chuckle when you go to some wacrime index and Wikipedia helpfully suggested that you should help expand it as seen in this meme [pics.me.me].
(Score: 3, Interesting) by Anonymous Coward on Friday May 27 2022, @05:25PM (1 child)
It bears repeating [soylentnews.org]:
(Score: 0) by Anonymous Coward on Friday May 27 2022, @07:49PM
Yes and also, if you don't have a voicemail password, they don't even need the SIM jacking to get in, they can just have the message sent to voicemail.
(Score: 2, Touché) by zzarko on Friday May 27 2022, @09:30PM (3 children)
Accidentally... Yeah, right... When there will be a news that someone's address was accidentally NOT used for ad targeting?
C64 BASIC: 1 a=rnd(-52028):fori=1to8:a=rnd(1):next:fori=1to5:?chr$(rnd(1)*26+65);:next
(Score: 2) by corey on Friday May 27 2022, @10:40PM (2 children)
Yeah it’s complete bs. Someone sat there in front of the SQL database and/or website code and queried/added code for the phone numbers to be used in the advertising code. It can’t be accidental.
(Score: 2, Funny) by Anonymous Coward on Saturday May 28 2022, @04:46AM (1 child)
Well, they did apologize, just like Facebook.
(Score: 0) by Anonymous Coward on Saturday May 28 2022, @07:21AM
Well, alright alright alright!