RealTime IT News

Twitter Signs Off on FTC's Wrist Slap

Twitter hopes that it has finally put some of its most embarrassing growing pains behind it this week by agreeing to a settlement with the Federal Trade Commission that calls for periodic reviews of security measures it's already enacted to avoid compromising users' accounts and passwords.

As eSecurity Planet reports, the settlement comes after the FTC initiated an inquiry into a series of security incidents that plagued Twitter in the early months of 2009 when hackers managed to infiltrate and send phony tweets from Twitter accounts held by then-President-elect Obama and other high-profile users.

The settlement also explicitly bars Twitter from "misleading consumers about the extent to which it maintains and protects the security, privacy and confidentiality of nonpublic consumer information" for a period of 20 years.

The FTC's original complaint charged Twitter with failing to implement several best practices regarding password security, such as using character combinations that are difficult to guess and disabling access after a limited number of failed login attempts.


Microblogging service Twitter has reached a settlement with the Federal Trade Commission to resolve a complaint charging the company with lax security measures that allowed hackers to obtain administrative controls and send out bogus tweets in the guise of prominent users of the service including then-President-elect Obama.

"When a company promises consumers that their personal information is secure, it must live up to that promise," David Vladeck, director of the FTC's Bureau of Consumer Protection, said in a statement. "Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations."

Under the terms of the settlement, Twitter has agreed to establish and maintain a comprehensive security data security framework for 10 years that will be subjected to a third-party audit every other year.

Read the full story at eSecurity Planet:
Twitter Settles Security Complaint With FTC