Under a settlement agreement, Twitter will be obligated to
establish a more rigorous information security policy to prevent user accounts
from being hijacked.
The United States Federal Trade Commission finalized its settlement
with Twitter over charges that the micro-blogging site did not safeguard user
privacy and misled users about its security practices. The commissioners
finalized the settlement, originally announced back in June 2010, in a 5-0 vote
on March 11, the FTC said.
The settlement addressed some “serious lapses in the
company’s data security,” the FTC said.
The agreement bars Twitter for 20 years from making
misleading statements about “the extent to which it protects the security,
privacy and confidentiality” of private user information. Twitter must
establish and maintain a comprehensive information security program which will
be independently audited every two years, according to the settlement.
Breaches of the agreement will result in fines of up to $16,000
per violation. Twitter will also absorb the costs of the biennial audit.
Hackers were able to gain control of Twitter in two separate
incidents between January and May of 2009, the FTC said in its original
complaint. Hackers accessed 45 accounts in January and 10 in April,
according to Twitter.
Hackers figured out the passwords of Twitter staffers in the
January incident and used that access to read private messages and send out
bogus status messages from over two dozen accounts, including those of
President Barack Obama, singer Britney Spears, and former CNN anchor Rick
Sanchez. The hackers also gained access to the accounts’ e-mail addresses,
mobile phone number if it was associated with the account, and the list of
accounts blocked by users.
For more, read the eWEEK article: Twitter Settles with FTC Over Privacy Breach and Account Hacking.