FTC settles with Twitter on 'misleading' security practices
The Federal Trade Commission has agreed on a settlement with Twitter resulting from the site's alleged "serious lapses" in data security that allowed hackers to take over Twitter twice in 2009, accessing users' private information and hijacking accounts to send out phony tweets.
According to an FTC statement, the settlement "resolved charges that Twitter deceived consumers and put their privacy at risk by failing to safeguard their personal information."
Twitter was about 2 years old at the time of the incidents, a young site that often struggled under the weight of its fast-growing traffic and server demands.
Hackers were able to take over several dozen prominent Twitter accounts, including those of Barack Obama, Britney Spears and then-CNN anchor Rick Sanchez, for whom a phony tweet was put out declaring, "i am high on crack right now might not be coming to work today."
The hackers also gained access to the accounts' e-mail addresses and other associated data.
At the time, Twitter called the episode a "very serious breach of security."
As part of the settlement, Twitter is barred for 20 years from "misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information."
The settlement, which was unanimously approved by FTC officers, also requires Twitter to create a "comprehensive information security program," which will be reviewed by an independent auditor every other year for 10 years.
When asked for a comment on the settlement, a Twitter spokeswoman pointed to a company blog post from last year, which noted that "even before the agreement, we'd implemented many of the FTC's suggestions" and that "the agreement formalizes our commitment to those security practices."
-- David Sarno
Photo: Twitter co-founder Biz Stone speaks at the World Economy and Future Forum in South Korea this month. Credit: Lee Jae-Won / Reuters