Twitter Finalizes FTC Security Settlement

  /     /     /  
Publicated : 22/11/2024   Category : security


Twitter Finalizes FTC Security Settlement


The microblogging company agrees to a biennial external audit of its security posture for the next 10 years.



(click image for larger view)
Slideshow: 10 Massive Security Breaches
The FTC announced on Friday that its closed its security investigation into Twitter, after the social networking giant accepted a settlement first fielded in June 2010. The settlement stems from the FTCs charge that Twitter deceived consumers and put their privacy at risk by failing to safeguard their personal information.
According to the FTCs settlement, Twitter must now establish and maintain a comprehensive information security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of nonpublic consumer information. For the next 10 years, Twitters security program must also undergo an external audit every two years.
Meanwhile, for the next 20 years, Twitter is barred from making misleading statements about the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers, said the FTC.
The settlement is the end result of the
FTCs investigation
into security breaches that occurred at Twitter between January and March of 2009, when hackers twice gained administrative control of the site. Despite Twitters previous privacy policy, which assured users that we employ administrative, physical, and electronic measures designed to protect your information from unauthorized access, attackers hacked into the site the first time by using a brute-force password hacking tool, and the second by simply guessing an administrators password.
The breaches gave attackers access to non-public user information, tweets that users had designated as private, and enabled attackers to generate fake tweets. Owners of the
compromised accounts
included then-President-elect Barack Obama and Fox News.
Of course, those arent the only
security incidents
to have involved Twitter and hijacked accounts. Twitter has experienced numerous high-profile security incidents, including Britney Spears and U.K. members of parliament selling Viagra. And there have been many incidents that have hit users who arent celebrities, said Rob Rachwald, director of security for Imperva, via email.
Such incidents indicate that security was very low on Twitters priority list, he said. But this is nothing new. Given a choice between growth and security, companies typically skimp on security.
The FTCs settlement with Twitter, however, now requires specific security program enhancements, including designating one or more employees to coordinate and remain accountable for its information security program. Twitter must also conduct a data security risk assessment, implement reasonable safeguards to mitigate identified risks, and ensure that any service providers with which it works also maintain appropriate data security safeguards.
Under the settlement, Twitter faces up to a $16,000 fine for every violation of its agreement. The private company has a
market value
recently estimated to be $8 billion to $10 billion.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Twitter Finalizes FTC Security Settlement