Twitter has reached a settlement with US regulators over a privacy breach that allowed hackers to access the accounts of then president-elect Barack Obama and others and send out phony messages.
Under the settlement with the Federal Trade Commission (FTC), the popular San Francisco-based micro-blogging service must establish an independently audited “comprehensive information security program,” the FTC said.
Twitter is also barred for 20 years from “misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality” of its users.
“When a company promises consumers that their personal information is secure, it must live up to that promise,” said David Vladeck, director of the FTC’s bureau of consumer protection.
“Serious lapses in the company’s data security allowed hackers to obtain administrative control of Twitter… and the ability to send out phony tweets pretending to be from then-president-elect Barack Obama and Fox News, among others,” the FTC said.
It said a hacker used a password-guessing tool to gain administrative control of Twitter in January 2009 and reset numerous user passwords, posting some of them on a website where other people could access them.
“Using these fraudulently reset passwords, other intruders sent phony tweets from approximately nine user accounts,” the FTC said.
“One tweet was sent from the account of then-president-elect Barack Obama, offering his more than 150,000 followers a chance to win 500 dollars in free gasoline,” it said.
In an April 2009 breach, a hacker compromised a Twitter employee’s personal e-mail account, gaining access to private user information and messages for any Twitter user.
“Twitter was vulnerable to these attacks because it failed to take reasonable steps to prevent unauthorized administrative control of its system,” the FTC said.
The FTC said the case was its 30th targeting faulty data security and its first against a social networking service.
The micro-blogging service has exploded in popularity since it was launched in March 2006, and Twitter chief operating officer Dick Costolo said recently that it now attracts 190 million visitors a month.