Twitter settles privacy charges with U.S.

NEW YORK Thu Jun 24, 2010 11:28pm IST

A screengrab of the homepage of microblogging serviceTwitter. REUTERS/www.twitter.com

A screengrab of the homepage of microblogging serviceTwitter.

Credit: Reuters/www.twitter.com

Related Topics

NEW YORK (Reuters) - Microblogging service Twitter has agreed to a settlement with the U.S. Federal Trade Commission over charges it put its customers privacy at risk by failing to safeguard their personal information.

The settlement announced by the FTC on Thursday stems from a series of attacks last year on Twitter, the three-year old phenomenon that lets people send short text messages to groups of followers. Under the terms of the agreement, Twitter is creating an independently audited security program, among other measures.

The FTC said serious lapses in Twitter's security allowed hackers to send out phony tweets pretending to be from U.S. President Barack Obama and Fox News. Hackers also managed to take administrative control of Twitter and gain access to private tweets, or short text messages of 140 characters or less.

Between January and May 2009, hackers were "able to view nonpublic user information, gain access to direct messages and protected tweets, and reset any user's password" and send tweets from any user account, according to the FTC complaint.

Twitter acknowledged 45 accounts were accessed by hackers in January last year and 10 in April 2009 "for short periods of time."

It said the January attack resulted in "unauthorized joke tweets" from nine accounts. The hackers may also have accessed data such as email addresses and phone numbers, the privately held company said.

In the April incident, Twitter said it cut off the hacker's administrative access within 18 minutes of the attack and quickly informed affected users.

The FTC said Twitter was exposed to these attacks because it "failed to take reasonable steps" to prevent unauthorized administrative control of its system.

"When a company promises consumers that their personal information is secure, it must live up to that promise," David Vladeck, director of the FTC's Bureau of Consumer Protection, said in a statement.

And if a company allows consumers to designate their information as private, it must use reasonable security to support that designation, he said.

Under the terms of the settlement, Twitter will be barred for 20 years from "misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information."

Twitter must also establish a comprehensive security program that "will be assessed by a third party every year for ten years," according to the FTC.

Twitter said it already made many of the changes suggested in the settlement, which comes less than two months after another popular social site, Facebook, suffered its own security breaches.

The agreement will be subject to public comment for 30 days, starting on Thursday and continuing through July 26, 2010, after which the FTC will make a final decision. (Reporting by Sinead Carew; editing by Tim Dobbyn and Andre Grenon)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

Record Sales

Reuters Showcase

Big IPO

Big IPO

Alibaba IPO ranks as world's biggest after additional shares sold.  Full Article | Video 

Underwriting Commissions

Underwriting Commissions

Alibaba IPO underwriters earn $300 million in fees, 1.2 pct of deal.  Full Article 

Israel Investment

Israel Investment

Israel approves Intel's $6 billion investment in chip plant.  Full Article 

Social Media

Social Media

Iran prosecutor gives government 30 days to block social media .  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage