Twitter settles with FTC over security breaches

The Federal Trade Commission has unanimously voted to accept Twitter's …

The Federal Trade Commission (FTC) has accepted the proposed settlement with Twitter over its 2009 security breaches. The settlement was first proposed in mid-2010 when the FTC said that Twitter had "serious lapses in the company’s data security," and as a result, Twitter must implement and maintain a "comprehensive information security program" that will be independently evaluated every other year for 10 years.

The social media service had come under fire for making private tweets and the login credentials of users easily available to "hackers" between January and May of 2009. During that time, someone was able to gain administrative access to Twitter's system (and therefore access to thousands of user accounts, passwords, direct messages, and more) simply by using password-guessing software. That intruder reset numerous user passwords, allowing others to access those accounts.
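The attack described above is the kind a login service should be able to spot in its own authentication log: a single source hammering one account with failed attempts and then succeeding. The following script is an added illustration, not code from the article or from Twitter; the log format, the usernames and IP addresses, and the thresholds (five failures within five minutes) are all constructed assumptions for the example. It flags a (user, source) pair once its failures inside a sliding window reach the threshold, and reports any later success from a flagged pair as a likely account compromise, which is what a lockout or rate-limit policy would key on.

```python
"""Detect password-guessing bursts in a constructed authentication log.

Added example for illustration only; the log lines, format, thresholds
and names below are assumptions, not data from the article or Twitter.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Assumed format per line:
#   <ISO timestamp> <FAIL|OK> <username> <source IP>
SAMPLE_LOG = """\
2009-01-04T09:00:00 FAIL bob 192.0.2.9
2009-01-04T10:00:01 FAIL admin 203.0.113.7
2009-01-04T10:00:02 FAIL admin 203.0.113.7
2009-01-04T10:00:03 FAIL admin 203.0.113.7
2009-01-04T10:00:04 FAIL admin 203.0.113.7
2009-01-04T10:00:05 FAIL admin 203.0.113.7
2009-01-04T10:00:06 FAIL admin 203.0.113.7
2009-01-04T10:00:07 OK admin 203.0.113.7
2009-01-04T10:02:00 FAIL alice 198.51.100.5
2009-01-04T10:02:09 OK alice 198.51.100.5
2009-01-04T10:10:01 FAIL bob 192.0.2.9
2009-01-04T10:10:02 FAIL bob 192.0.2.9
2009-01-04T10:10:03 FAIL bob 192.0.2.9
2009-01-04T10:10:04 FAIL bob 192.0.2.9
"""

# Assumed policy: flag once 5 failures land inside any 5-minute window.
WINDOW = timedelta(minutes=5)
MAX_FAILURES = 5


def parse_line(line):
    """Split one log line into (timestamp, outcome, user, source_ip)."""
    ts, outcome, user, ip = line.split()
    return datetime.fromisoformat(ts), outcome, user, ip


def find_guessing_bursts(log_text, window=WINDOW, max_failures=MAX_FAILURES):
    """Scan the log in order.

    Returns (flagged, compromised):
      flagged      -> {(user, ip): timestamp of the failure that hit the threshold}
      compromised  -> [(user, ip, timestamp)] for each OK login by a pair that
                      was already flagged, i.e. guessing that appears to have worked.
    Failures older than `window` are dropped, so a slow trickle of typos
    (bob's 09:00 failure) does not count toward a later burst.
    """
    failures = defaultdict(list)   # (user, ip) -> timestamps of recent failures
    flagged = {}
    compromised = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, outcome, user, ip = parse_line(line)
        key = (user, ip)
        if outcome == "FAIL":
            window_start = ts - window
            failures[key] = [t for t in failures[key] if t >= window_start]
            failures[key].append(ts)
            if len(failures[key]) >= max_failures and key not in flagged:
                flagged[key] = ts
        elif outcome == "OK" and key in flagged:
            compromised.append((user, ip, ts))
    return flagged, compromised


if __name__ == "__main__":
    flagged, compromised = find_guessing_bursts(SAMPLE_LOG)
    for (user, ip), ts in flagged.items():
        print(f"burst: {user} from {ip} hit threshold at {ts.isoformat()}")
    for user, ip, ts in compromised:
        print(f"LIKELY COMPROMISE: {user} from {ip} logged in at {ts.isoformat()}")
```

In the sample, only the admin account from 203.0.113.7 is flagged (at the fifth failure), and its subsequent successful login is reported as a likely compromise; alice's single typo and bob's four spread-out failures stay below the threshold. A real deployment would feed this from the authentication service and act on the flag (temporary lockout, step-up authentication, or an alert) rather than only reporting it.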

There was also a separate incident in which another intruder was able to get into a Twitter employee's Gmail account and steal more passwords that were stored in plaintext, which were then used to guess that employee's admin password to the Twitter system.

The FTC issued a warning to Twitter a year later, and the finalized settlement was unanimously approved on Friday. There aren't many changes to the settlement between last year and now, except that Twitter's new security program will get evaluated every other year instead of every three years. Additionally, Twitter is barred from misleading consumers about its security practices for 20 years. Hopefully the company doesn't plan to mislead anyone at the 21-year mark.
