Link: Twitter fined $150m for selling user data collected under the auspices of 2FA
The offences occurred between May 2013 and September 2019, according to the court document, with the information ostensibly used for purposes including two-factor authentication. But Twitter would then use this data to allow advertisers to target specific groups of Twitter users, by matching the telephone numbers and email addresses to the advertisers’ own lists of telephone numbers and email addresses.
Aside from being generally horrible, this is terrible for user trust in security measures. It also demonstrates how single pieces of data can be used to de-anonymise users when compared to other datasets.