Twitter has reached a settlement with the Federal Trade Commission (FTC) over charges that it “deceived consumers and put their privacy at risk by failing to safeguard their personal information.” In the Matter of Twitter, Inc.,
The FTC had alleged that “serious lapses” in Twitter’s security last year "allowed hackers to obtain administrative control of Twitter, including access to tweets that consumers had designated private, and the ability to send out phony tweets pretending to be from then-President-elect Barack Obama and Fox News, among others." The two incidents mentioned involved hackers using password-guessing tools to gain access to administrative functions. Under the settlement, Twitter must maintain a comprehensive information security program, to be assessed by a third-party every other year for 10 years. It also will be prohibited from misleading consumers about the extent to which it maintains and protects the security, privacy and confidentiality of nonpublic consumer information.