Thursday, June 24, 2010

USA: FTC Bars Twitter “For 20 Years From Misleading Consumers” About Privacy After 2009 Hacks

Ahmadiyya Times | Staff | U.S. Desk
Source & Credit: Tech Crunch
BY Erick Schonfeld | June 24, 2010

Today, the FTC settled a lengthy investigation into Twitter's lax security practices and protection of user accounts after two high-profile hacking incidents in 2009. The first one, which occurred in January, 2009, compromised 35 high-profile accounts, including those of President Barack Obama, Bill O'Reilly, Britney Spears, the Huffington Post, and Facebook. According to the FTC:
"One tweet was sent from the account of then-President-elect Barack Obama, offering his more than 150,000 followers a chance to win $500 in free gasoline."

The other attack occurred in April, 2009, and involved a hacker gaining access to a Twitter employee's email account, which stored the employee's administrative password. The hacker in question was the Frenchman who goes by the handle Hacker Croll. (Later, this was the same hacker who sent us confidential Twitter documents, but that incident was not part of the FTC investigation.)


The FTC's concern in the matter is the ability of hackers to breach Twitter's password system and gain access to user accounts. According to the FTC:
"Under the terms of the settlement, Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent authorized access to information and honor the privacy choices made by consumers. The company also must establish and maintain a comprehensive information security program, which will be assessed by a third party every other year for 10 years."

The FTC provides a list of security measures Twitter failed to have in place, which Twitter says were implemented subsequent to the attacks. It may sound silly to bar Twitter from "misleading consumers" for 20 years, but that is essentially the life of the order and gives the FTC the ability to fine Twitter for future security breaches to the tune of $16,000 per incident. Without this order and the settlement, the FTC does not have what is known as civil penalty authority.

A source at the FTC tells me that the agency is "closely watching social media for information at risk." Compromised social networks are increasingly becoming a way for fraudsters to reach and trick consumers. Twitter is on notice now, and so are other social networks, that they must do everything they can to protect users' accounts from security breaches.

Read original post here: http://techcrunch.com/2010/06/24/ftc-twitter-privacy-settlement/
