Twitter, regulators finalize security settlement

March 14, 2011 GMT

SEATTLE (AP) — Federal regulators finalized a settlement Monday with Twitter related to data security lapses in 2009 that gave hackers access to users’ accounts.

The Federal Trade Commission said the settlement resolves charges that Twitter deceived its customers and put their privacy at risk by failing to keep their personal information safe as promised by the company’s policies.

The settlement bars Twitter from misleading consumers about its security and privacy practices for 20 years. The startup, which lets people publish short messages called tweets, must also establish a comprehensive information security program that will be audited every other year for 10 years.

No monetary damages were assessed.

The FTC complaint said that hackers were able to gain administrative control of Twitter twice between January and May 2009, and that weak employee passwords and other poor security practices on the part of staffers were to blame. About 55 accounts were accessed by the hackers.

Twitter has said that it quickly closed the security holes after the breaches were discovered.