Twitter settles US watchdog's privacy charges

SAN FRANCISCO - Twitter is to establish an independent privacy programme as part of settling charges brought by the Federal Trade Commission (FTC) that it put users' privacy at risk and failed to safeguard their personal information.

The FTC brought charges against Twitter last year on grounds that lapses in the company’s data security allowed hackers to gain unauthorised administrative control of Twitter.

Under the terms of the settlement, Twitter will be barred for 20 years from misleading customers about the extent to which it protects the security and privacy of users. Twitter will now have to establish an information security programme that will be assessed by an independent auditor every other year for ten years.

Twitter’s privacy policy states that it "is very concerned about safeguarding the confidentiality of your personally identifiable information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorised access."

In January 2009 a hacker was able to guess a ‘weak’ Twitter administrative password, allowing them to reset several passwords. The hacker then posted some of them on a website, which allowed other people to access them.

One tweet was sent from the account of then-President-elect Barack Obama, offering his 150,000-plus followers a chance to win $500 in free gasoline. One bogus tweet was sent from the account of News Corporation-owned Fox News.

During a second security breach in April 2009, a hacker was able to guess the administrative password of a Twitter employee, allowing them to reset at least one Twitter user’s password.

The FTC stated Twitter was vulnerable to these attacks because it failed to take reasonable steps to require employees to use hard-to-guess administrative passwords, disable administrative passwords after a reasonable number of unsuccessful log-in attempts and enforce periodic changes of administrative passwords.

David Vladeck from the FTC’s bureau of consumer protection said: "When a company promises consumers that their personal information is secure, it must live up to that promise.

"Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations. Consumers who use social networking sites may choose to share some information with others, but they still have a right to expect that their personal information will be kept private and secure."

A statement on Twitter’s blog said: "Even before the agreement, we'd implemented many of the FTC's suggestions and the agreement formalises our commitment to those security practices."
