Twitter has agreed to settle charges by federal regulators that it put the privacy of its users at risk by failing to protect them from data security lapses last year that let hackers access their accounts. The FTC said today the settlement bars Twitter from misleading consumers about its security and privacy practices and requires the start-up to establish a comprehensive information security program. No monetary damages were assessed.
The FTC complaint said the breaches allowed hackers to gain administrative control over the online service. Hackers were able to view email addresses and other private user information, gain access to user messages, reset user passwords, and send phony tweets from user accounts. The agency charges the incidents deceived users because Twitter's privacy policy pledged to "employ administrative, physical, and electronic measures designed to protect your information from unauthorized access." (More Twitter stories.)