FTC to audit Twitter security policies

Associated Press / March 15, 2011

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

Your article has been sent.

Text size +

SEATTLE — Federal regulators finalized a settlement yesterday with Twitter related to data security lapses in 2009 that gave hackers access to users’ accounts.

The Federal Trade Commission said the settlement resolves charges that Twitter deceived its customers and put their privacy at risk by failing to keep their personal information safe, as promised by the company’s policies.

The settlement bars Twitter from misleading consumers about its security and privacy practices for 20 years. The company, which lets people publish short messages called tweets, must also establish a comprehensive information security program that will be audited every other year for 10 years.

No monetary damages were assessed.

The FTC complaint said that hackers were able to gain administrative control of Twitter twice between January and May in 2009, and that weak employee passwords and other poor security practices on the part of staffers were to blame. About 55 accounts were accessed by the hackers.

Twitter has said that it quickly closed the security holes after the breaches were discovered.