Federal regulators finalized a settlement March 2 with Twitter over the social networking site’s failure to safeguard Twitter users’ private information for four months in 2009.
Between January and May 2009, security holes in the company’s system allowed hackers to “obtain unauthorized administrative control of Twitter including both access to non-public user information and tweets that consumers had designated as private, and the ability to send out phony tweets from any account,” according to documents presented after a Federal Trade Commission investigation.
In a June 2010 statement addressing the allegations, Twitter officials admitted that 55 user accounts were accessed over the four-month period, but claimed the site had promptly secured its systems after discovering the vulnerability.
As of March 16, Twitter’s security page read: “At Twitter, we value your online security as much as you do. Our team works constantly to protect the security of your account, and takes steps every day to provide a secure Twitter experience for our users.”
Company officials consented to the settlement, which FTC officials noted does not include an admission of guilt. For 20 years, the site will be barred from misleading consumers about the security of their private information and about the actions Twitter takes to prevent unauthorized users from accessing their data.
Also, every year for the next 10 years, an outside auditor must evaluate the company’s “comprehensive information security program,” which the FTC has ordered Twitter to overhaul.
The site would face a civil penalty of up to $16,000 for each violation of any portion of the agreement.