Security News > 2022 > May > FTC fines Twitter $150M for using 2FA info for targeted advertising
The Federal Trade Commission has fined Twitter $150 million for using phone numbers and email addresses collected to enable two-factor authentication for targeted advertising.
"As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads. This practice affected more than 140 million Twitter users, while boosting Twitter's primary source of revenue," said FTC Chair Lina M. Khan.
Twitter apologized for using phone numbers and email addresses provided for account security like two-factor authentication for advertising in October 2019, saying they "May have been used accidentally for ad targeting."
Twitter's Tailored Audiences is an advertising product that enables advertisers to send targeted ads to customers in their marketing lists based on information such as email addresses and phone numbers.
Something very similar happened in 2018 when Facebook built complex advertising profiles for all its users with everything from their 2FA phone numbers to info harvested from their friends' profiles.
Facebook later used the users' 2FA phone numbers as an additional vector to deliver targeted ads.