After being accused by law enforcement officials of using user data to sell targeted ads, Twitter must pay a $150m (PS119m), fine.
Court documents show that the Federal Trade Commission (FTC), and the Department of Justice claim Twitter broke an agreement they had with regulators.
Twitter has pledged not to give advertisers personal information such as phone numbers or email addresses.
Federal investigators claim that the social media company violated those rules.
Twitter was penalized PS400,000 for violating EU's GDPR data privacy rules in December 2020.
The FTC, an independent US government agency, has the mission of enforcing anti-trust laws and protecting consumers.
It accused Twitter of violating an FTC order from 2011 that specifically prohibited it from misrepresenting its security practices.
Twitter's advertising revenue is the largest source of revenue. Twitter allows users to post messages up to 280 characters, and tweets, from celebrities and consumers.
According to the complaint filed by the Department of Justice for the FTC, Twitter began asking users to give their email addresses and phone numbers in 2013 to increase account security.
Lina Khan, chair of the FTC, stated that Twitter had obtained user data under the pretext to harness it for security purposes but ended up using the data to target users.
"This practice affected over 140 million Twitter users while increasing Twitter's primary source revenue source."
Ian Reynolds, the managing director of Secure Team computer security firm, said to the BBC that Twitter violates the trust their users have in them by using their personal information to their advantage and increasing their revenue.
He said: "Twitter led its customers into a false feeling of security by acquiring data through claiming that it was for security purposes. But, ultimately, they used the data to target their customers with ads.
"This reality shows how powerful companies still hold over your data, and that users have a long way before they can feel secure in the knowledge that they have complete control over their digital footprint."
Twitter asks for a phone number and an email address to authenticate accounts.
This information can also be used to reset passwords, unlock accounts, and enable two-factor authentication.
Two-factor authentication adds an additional layer of security. It sends a code to a phone number, or email address to allow users to log in to Twitter.
According to the FTC however, Twitter used that information until September 2019 to increase its advertising business.
Advertisers are accused of having access to user security information.
Twitter must, in addition to paying the fine,:
Vanita Gupta (US associate attorney general) stated that "The Department of Justice is committed towards protecting the privacy of consumers’ sensitive data."
"The $150m penalty is a reflection of the seriousness of the accusations against Twitter. The substantial new compliance measures that will be imposed as part of the proposed settlement will help to prevent any further misleading tactics that may threaten users' privacy.