Twitter Settles with FTC Over Privacy

Micro-blogging service Twitter has settled charges brought against it by the Federal Trade Commission that it violated its users' privacy and effectively engaged in customer deception due to security lapses that enabled attackers to access accounts, send phony tweets, and get “administrative control” of Twitter.

The charges stem from incidents in the first half of 2009 in which attackers were able to gain access to Twitter’s internal operations using a dictionary-based password-guessing tool, which found a very weak administrative password. The administrative password gave attackers access to private user information, including direct messages and private tweets sent between users. They were also able to reset any Twitter user’s password and send forged tweets that appeared to be from any arbitrary account. The attackers forged tweets from many users, including President Barack Obama (he was president-elect at the time; the fraudulent tweet promised free gasoline) as well as Fox News.

“When a company promises consumers that their personal information is secure, it must live up to that promise,” said FTC Consumer Protection Bureau director David Vladeck, in a statement. “Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations.”

Twitter says the incidents “impacted a small number of users,” and the security holes were quickly closed, with Twitter notifying impacted account holders and posting blog items about the incidents.

Twitter is not paying any penalties under the settlement. However, the service will be required to have employees use strong administrative passwords, prohibit employees from storing passwords as plain text, suspend administrative passwords after a “reasonable” number of unsuccessful login attempts, and place a series of other restrictions on access to administrative accounts and employees who have access to them. Twitter is also barred from misleading consumers about security and privacy issues for 20 years—if they’re found to violate that, each violation could cost the company $16,000.

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…