Twitter reached a settlement with the Federal Trade Commission (FTC) over user privacy violations exposed by the watchdog in 2019, with the social media company stumping up $150 million.

In a statement, Twitter explained it had put an end to the issue by paying the penalty, but claimed it had actually addressed the violation shortly after the FTC disclosed the breach three years ago.

The FTC commenced an investigation after finding Twitter user email addresses and phone numbers provided for security purposes may have inadvertently been used for advertising between 2013 and 2019.

Twitter asks users to provide phone numbers for two-factor authentication when signing-up to the platform, however these numbers remained in the system to allow advertisers to tailor promotions. Twitter could not clarify how many users were affected.

When the probe commenced, Twitter stated it was expecting to face a probable loss of $150 million to $250 million.

In its settlement statement, Twitter explained it worked with the FTC throughout the probe, and aligned with the agency on operational updates and programme enhancements to ensure people’s data remains secure and their privacy protected.

Going forward, Twitter added it would make investments in security policies and standards, including building and evolving processes, implementing technical measures and conducting regular audits.