Twitter, FTC finalize settlement of information security lapse charges

An FTC complaint – based on incidents in 2009 in which hackers were able to gain access to Twitter accounts of President Obama and Britney Spears, among others – resulted in charges that Twitter deceived consumers and put their privacy at risk by failing to safeguard information.

The agency alleged serious lapses in Twitter’s information security that allowed hackers to gain administrative control of Twitter, including access to user accounts and the ability to send out bogus tweets from those accounts.

Under the terms of the settlement agreement reached in June 2010 and finalized last week, Twitter will be barred for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by users.

Twitter also must establish and maintain a comprehensive information security program, which will be assessed by an independent auditor every other year for 10 years.

The FTC said that any violation of the agreement will result in a civil penalty of up to $16,000 per violation.
