FTC Fines Twitter $150M for Using 2FA Info for Targeted Advertising

upstart writes:

FTC fines Twitter $150M for using 2FA info for targeted advertising:

The Federal Trade Commission has fined Twitter $150 million for using phone numbers and email addresses collected to enable two-factor authentication for targeted advertising.

[...] This is a direct violation of the FTC Act and a 2011 Commission administrative order which banned the company from misrepresenting its security and privacy practices and profiting from deceptively collected data.

[...] Twitter apologized for using phone numbers and email addresses provided for account security like two-factor authentication for advertising in October 2019, saying they "may have been used accidentally for ad targeting."

"We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system," said the company at the time.

[...] Something very similar happened in 2018 when Facebook built complex advertising profiles for all its users with everything from their 2FA phone numbers to info harvested from their friends' profiles.

Facebook later used the users' 2FA phone numbers as an additional vector to deliver targeted ads.

Read more of this story at SoylentNews.