FTC: Twitter Deceptively Used 2FA Information

FTC: Twitter Deceptively Used 2FA Information
<span class="bsf-rt-reading-time"><span class="bsf-rt-display-label" prefix="Reading Time"></span> <span class="bsf-rt-display-time" reading_time="1"></span> <span class="bsf-rt-display-postfix" postfix="mins"></span></span><!-- .bsf-rt-reading-time -->

Twitter has come under fire, to the tune of $150 Million, by the Federal Trade Commission after it was revealed that the social media site had been allowing data collected for two-factor authentication to be used by advertisers to target advertisements. This information included phone numbers and e-mail addresses, which Twitter had not disclosed would be used for marketing purposes.

The FTC in 2011 warned Twitter about the misrepresentation of their privacy and security policies, which they called "deceptive." According to the FTC complaint, "Twitter’s acts or practices [were] in violation of Section 5(a) of the FTC Act, 15 U.S.C. § 45(a), and a 2011 order previously issued by the FTC for alleged violations of Section 5(a)
of the FTC Act."

The complaint continues to describe the over-Six-year period from May 2013 to September 2019 where it "misrepresented to users of its online communication service the extent to which it maintained and protected the security and privacy of their nonpublic contact information."

The FTC states that Twitter allowed the user information to be used by advertisers on the platform to target by name, location, or demographic.

"This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue," said FTC Chair Lina M. Khan.

This case sets a precedent for social media companies going forward.