Twitter just can’t catch a break these days

Jun 25, 2010 08:26 GMT

As if Twitter wasn’t having a bad couple of weeks already, the US Federal Trade Commission (FTC) has come out with what amounts to a slap on the wrist for Twitter for its security practices. The site has suffered from a couple of fairly publicized attacks and they were enough to get the FTC’s attention. The agency has now concluded its investigation and, while it didn’t find the site in violation of any law, it did come to an agreement with Twitter for it to revamp its security practices.

“[T]he United States Federal Trade Commission (FTC) launched an inquiry into our security practices related to these attacks and today announced that we've reached an agreement that resolves their concerns. Even before the agreement, we'd implemented many of the FTC's suggestions and the agreement formalizes our commitment to those security practices,” Twitter said.

The main reasons behind the FTC’s investigation are a couple of successful attacks on the site. In the first, a hacker was able to compromise some 55 accounts in early 2009 after he used brute force to guess an administrative password. Later, in April 2009, another attack led to 10 user accounts being compromised.

Twitter says it stopped the attacks fairly quickly and has since revamped its security practices. Still, the FTC had a series of requests, among them an obligatory yearly review of its security, done by a third party, for the next ten years.

The agreement also ‘bans’ Twitter for 20 years from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.” Of course, it’s not as if the FTC had encouraged Twitter to do these things until now, so the ‘ban’ is purely a means of raising the issue, with little practical effect. However, in the event that Twitter does break the agreement, it will be liable for a fine of up to $16,000.