Twitter will pay $150 million after the company allegedly violated a previous order regarding unauthorized access of users’ personal information, according to the Federal Trade Commission. 

The Justice Department filed a complaint on behalf of the FTC alleging Twitter encouraged users to submit an email address or phone number for the purpose of multi-factor authentication which was meant to better secure their account, but the company went on to sell that information to advertisers in order to target ads.

Twitter’s data collecting operation lasted from May 2013 to Sept. 2019 and resulted in more than 140 million users handing over their personal information. An exact figure on how much the platform made by providing such info wasn’t disclosed, but the FTC claims it was in the “multi-millions.” 

According to The Hill, Twitter issued an apology in 2019 for providing user information used for ad targeting, claiming it was done so “inadvertently.” In wake of the FTC settlement, Damien Kieran, Twitter chief privacy officer, revisited the “inadvertent” theory, writing, “email addresses and phone numbers provided for account security purposes may have been inadvertently used for advertising.” 

The FTC filed a complaint against Twitter in 2010 accusing the company of falsely claiming that users were the only ones who could access their tweets and direct messages could only be seen by the recipient. It was found that users’ personal information was being accessed by others without their permission on several occasions, and Twitter was forced to agree to an order the following year that stipulated if such a violation were to occur again, the company would face a significant financial penalty.  

A few new provisions were implemented following Twitter’s latest privacy violation, including notifying users about the improper use of their personal information, providing multi-factor authentication that doesn’t involve collecting phone numbers, and more.