FTC Direct Messages Twitter About Security Breaches - The UpStream

I have posed the question before about what Twitter will do with their virtually endless supply of investor capital and while we still don't have a clear answer we now know that it wasn't spent on keeping your information safe. According to the FTC Twitter has had "serious lapses in the company's data security." What exactly does that mean? It means that during January through May 2009 hackers were easily able to get into Twitter admin accounts by using simple password guessing programs. They then reset the password to the accounts so others could have access. In an unrelated instance, another hacker was able to break into a Twitter employees Gmail account in which they had users passwords stored in plain text... IN PLAIN TEXT!

The FTC has given Twitter a written warning about using simple passwords and also for storing them IN PLAIN TEXT. The company will have their security tested every 3 years by an independent company. They will also be fined $16,000 per every instance of a security breach. The icing on the cake however, is that Twitter is also not allowed to lie about their privacy and security settings for the next 20 years. The only reason I can think of as to why 20 years is the requirement is that the FTC doesn't expect them to be around that long.