Skip to main content

Twitter Settles with FTC Over Privacy

Image used with permission by copyright holder

Micro-blogging service Twitter has settled charges brought against it by the Federal Trade Commission that it violated its users privacy and effectively engaged in customer deception due to a security lapses that enabled attackers to access accounts, send phony tweets, and get “administrative control” of Twitter.

Recommended Videos

The charges stem from incidents in the first half of 2009 in which attackers where able to gain access to Twitter’s internal operations using a dictionary-based password-guessing tool…and it found a very weak administrative password. The administrative password gave attackers access to private user information, including direct messages and private tweets sent between users. They were also able to reset any Twitter user’s password and sent forged tweets that appeared to be from any arbitrary account. The attackers forged tweets from many users, including President Barak Obama (he was president-elect, at the time: the fraudulent tweet promised free gasoline) as well as Fox News.

“When a company promises consumers that their personal information is secure, it must live up to that promise,” said FTC Consumer Protection Bureau director David Vladeck, in a statement. “Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations.”

Twitter says the incidents “impacted a small number of users,” and the security holes were quickly closed, with Twitter notifying impacted account holders and posting blog items about the incidents.

Twitter is not paying any penalties under the settlement. However, the service will be required to have employees use strong administrative passwords, prohibit employees from storing passwords as plain text, suspend administrative passwords after a “reasonable” number of unsuccessful login attempts, and place a series of other restrictions on access to administrative accounts and employees who have access to them. Twitter is also barred from misleading consumers about security and privacy issues for 20 years—if they’re found to violate that, each violation could cost the company $16,000.

Topics
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Twitter API broke links, images on the website this morning
A stylized composite of the Twitter logo.

Twitter broke in several places this morning, likely due to Twitter's own API. Slow load times, broken links, and services like TweetDeck went down on Monday, displaying an error related to Twitter's API. This is not the first hurdle Twitter has seen due to its API under the new leadership of Elon Musk.

When using a link on Twitter or accessing a service like TweetDeck, you would see this message: "{"errors":[{"message":"Your current API plan does not include access to this endpoint, please see https://developer.twitter.com/en/docs/twitter-api for more information","code":467}]}" That's not too helpful -- going to the website address in the error would take you to a page with the same error.

Read more
Apple’s security trumps Microsoft and Twitter’s, say feds
Apple's Craig Federighi speaking about macOS security at WWDC 2022.

Apple has long held a reputation for rock-solid security, and now the U.S. government seemingly agrees after praising the company for its security procedures. At the same time, the feds have suggested Microsoft and Twitter need to pull their socks up and make their products much more secure for their users, according to CNBC.

In a speech given at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly pointed to Apple as a company that took security and accountability seriously, and suggested other companies should take note.

Read more
What is Twitter Blue and is it worth it?
Twitter Blue menu option on a white screen background which is on a black background.

If you spend time on Twitter, you've probably heard the phrase "Twitter Blue" at some point and wondered what exactly it is. We're not talking about the signature shade of blue featured in its logo -- we're talking about the premium version of Twitter.

That's right. There's a paid tier for Twitter that many people don't even know exists that launched in July of 2021. And then relaunched again under Elon Musk's ownership in November 2022. Don't worry -- we'll explain everything below.
What is Twitter Blue?

Read more