FTC, Twitter Settle Account Hacking, Privacy Breach Case

CIO Insight Staff

Under a settlement agreement, Twitter will be obligated to establish a more rigorous information security policy to prevent user accounts from being hijacked.

The United States Federal Trade Commission finalized its settlement with Twitter over charges that the micro-blogging site did not safeguard user privacy and misled users about its security practices. The commissioners finalized the settlement, originally announced back in June 2010, in a 5-0 vote on March 11, the FTC said.

The settlement addressed some “serious lapses in the company’s data security,” the FTC said.

The agreement bars Twitter for 20 years from making misleading statements about “the extent to which it protects the security, privacy and confidentiality” of private user information. Twitter must establish and maintain a comprehensive information security program, which will be independently audited every two years, according to the settlement.

Breaches of the agreement will result in fines of up to $16,000 per violation. Twitter will also absorb the costs of the biennial audit.

Hackers were able to gain control of Twitter in two separate incidents between January and May of 2009, the FTC said in its original complaint. Hackers accessed 45 accounts in January and 10 in April, according to Twitter.

Hackers figured out the passwords of Twitter staffers in the January incident and used that access to read private messages and send out bogus status messages from over two dozen accounts, including those of President Barack Obama, singer Britney Spears, and former CNN anchor Rick Sanchez. The hackers also gained access to the accounts’ e-mail addresses, the mobile phone number if one was associated with the account, and the list of accounts blocked by users.

For more, read the eWEEK article: Twitter Settles with FTC Over Privacy Breach and Account Hacking.