Twitter may face a $250mn FTC fine for alleged misuse of user data

Twitter has disclosed that it may end up paying up to $250 million as fine to the US Federal Trade Commission (FTC) in a probe pertaining to improper use of users’ phone numbers and email addresses for advertising gains.

On July 28, the company received a draft complaint from the FTC alleging violations of Twitter's 2011 consent order with the FTC not to mislead consumers about how it protects their personal information.

"The allegations relate to the Company's use of phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019," Twitter said its second quarter financial filing on Monday.

"The company estimates that the range of probable loss in this matter is $150 million to $250 million and has recorded an accrual of $150 million," said Twitter.

"The matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome," the company added.

Twitter last month suffered its biggest data breach when three young individuals (including one juvenile) compromised the accounts of 130 high-profile celebrities, politicians and businesses like Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Elon Musk, Apple and Uber.

The US Department of Justice has now charged the individuals with hacking Twitter.

Twitter revealed that the massive hack that spread a cryptocurrency scam by hijacking accounts of high-profile celebrities, politicians and businesses was a result of a phone spear phishing attack.

The attackers targeted 130 Twitter accounts, ultimately tweeting from 45, accessing the DM (Direct Messages) inbox of 36, and downloading the Twitter data of seven accounts.

The incident raised concerns around Twitter tools and levels of employee access.