Twitter has agreed to pay US$150 million (NZ$231.5 million) to settle allegations it misused private information, such as phone numbers, for targeted advertising.
The social network had been telling users tjat the information would be used for security reasons, according to court documents.
Twitter's settlement covers allegations that it misrepresented the "security and privacy" of user data between May 2013 and September 2019, according to the court documents.
Now, the company will pay US$150 million as part of the settlement announced by the Justice Department and the Federal Trade Commission (FTC).
In addition to the monetary settlement, the agreement requires Twitter to improve its compliance practices.
The official complaint said that the misrepresentations violated the FTC Act and a 2011 settlement with the agency.
"Specifically, while Twitter represented to users that it collected their telephone numbers and email addresses to secure their accounts, Twitter failed to disclose that it also used user contact information to aid advertisers in reaching their preferred audiences," the complaint reads.
Twitter's chief privacy officer, Damien Kieran, said in a statement that with the settlement "we have aligned with the agency on operational updates and program enhancements" to protect user privacy and security.
The social network is free service for users, and makes money primarily through advertising.
Billionaire Elon Musk, who is said to be buying Twitter for US$44 billion, has criticised its ad-driven business model and pledged to diversify its revenue sources.
"If Twitter was not truthful here, what else is not true?
This is very concerning news," Musk said in a tweeted, commenting on the social media company's ad practices and the fine.
United States officials pointed out that of the US$3.4 billion in revenue that Twitter earned in 2019, about US$3 billion was from advertising.
The company earnt US$5 billion in revenue for 2021.
In a filing earlier this month Twitter said that it had put aside $150 million after agreeing "in principle" upon a penalty with the FTC.
"Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads," said FTC Chair Lina Khan in a statement.
"This practice affected more than 140 million Twitter users, while boosting Twitter's primary source of revenue," Khan added.
The complaint also alleges that Twitter falsely said it complied with the European Union-US and Swiss-US Privacy Shield Frameworks, which bar companies from using data in ways that consumers do not authorise.
Twitter's settlement follows years of fallout over the privacy practices of tech companies.
Revelations in 2018 that Facebook, the world's biggest social network, was using phone numbers provided for two-factor authentication to serve ads enraged privacy advocates.
Facebook, now called Meta, similarly settled with the FTC over the issue as part of a US$5 billion agreement reached in 2019.