The San Francisco-based company said Monday that it received a draft complaint from the Federal Trade Commission on July 28 that accused it of using users’ email addresses and phone numbers for advertising purposes between 2013 and 2019 after telling customers that it had collected them for security and safety reasons.

Under the terms of a 2011 consent decree, Twitter is barred from misleading customers about how it “protects the security, privacy and confidentiality of nonpublic consumer information.” Twitter users verify their email addresses and phone numbers when setting up two-factor authentication on their accounts.

Twitter said it estimates a probable loss of between $150 million and $250 million in settlement charges, and has already recorded $150 million of that estimate in accrual related to the allegations.

“The matter remains unresolved, and there can be no assurance as to the thing or the terms of any final outcome,” the company said.

It’s the latest black eye for the social network headed by Jack Dorsey, which last month fell victim to a massive hack that took control of more than 100 of its most high-profile users — including Barack Obama, Elon Musk and Kanye West — to push a bitcoin scam.

Twitter shares were down 1.1 percent in early Monday trading.