Under a settlement agreement, Twitter will be required to maintain a stricter information security program to prevent user accounts from being hijacked.
The U.S. Federal Trade Commission has finalized its settlement with Twitter over charges that the micro-blogging site failed to protect users' privacy and misled users about its security practices. The commissioners approved the settlement, originally announced in June 2010, by a 5-0 vote on March 11, the FTC said.
The settlement addresses "serious lapses in the company's data security," the FTC said.
The agreement bars Twitter for 20 years from making misleading statements about the extent to which it protects the security, privacy and confidentiality of non-public user information. Twitter must also establish and maintain a comprehensive information security program that will be independently audited every two years, according to the settlement.
Violations of the agreement can result in civil penalties of up to $16,000 per violation. Twitter will also have to absorb the cost of the biennial audits.
Hackers gained administrative control of Twitter in two separate incidents between January and May 2009, the FTC said in its original complaint. Hackers accessed 45 accounts in January and 10 in April, according to Twitter.
In the January incident, hackers figured out a Twitter staff member's password and used that access to read private messages and send out fake status updates from more than two dozen accounts, including those of President Barack Obama, singer Britney Spears and former CNN anchor Rick Sanchez. The hackers also gained access to those accounts' e-mail addresses, mobile phone numbers where one was linked to the account, and the lists of accounts the users had blocked.
Twitter did not lock accounts after multiple incorrect login attempts, allowing the hacker to submit thousands of guesses before figuring out the correct password, "which was a weak, lowercase, common dictionary word," according to the FTC.
In the April incident, a hacker gained access to a Twitter employee's personal e-mail account, in which a Twitter administrative password was stored in plain text.
Twitter said at the time that the incident was a very serious breach of security, but noted that the company had responded very quickly to shut down the attacks.
The FTC said Twitter misled users into believing it was taking appropriate security measures to protect their privacy. The company used easily guessable passwords, allowed employees to store passwords in unsafe places, did not suspend accounts after a number of failed logins, did not set passwords to expire, and placed no restrictions on administrative access, the FTC said.
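The January attack succeeded because the login endpoint accepted an unlimited number of guesses against a short lowercase dictionary word, and the April attack succeeded because an administrative password existed in plaintext. The following is an added example, not code from the article or from Twitter, of a minimal login service that implements three of the controls the FTC listed as missing: it stores only salted PBKDF2 hashes rather than passwords, rejects short lowercase dictionary-word passwords at registration, and locks an account after repeated failed logins. Everything in it is an assumption for illustration: the usernames, the tiny constructed wordlist, the lockout thresholds, and the weak password "sunshine" standing in for the one the FTC did not name. The `brute_force` function replays the January-style attack against the service with lockout disabled (the 2009 configuration) and then enabled.

```python
"""Added example: brute-force-resistant login service (not Twitter's code).
All names, parameters and the wordlist below are assumptions for illustration."""
import hashlib
import hmac
import os
import time

# Constructed stand-in for a real cracking wordlist (assumption, not real data).
WORDLIST = ["password", "letmein", "monkey", "dragon",
            "football", "baseball", "sunshine", "twitter"]

MAX_FAILED_ATTEMPTS = 5      # assumed policy: lock after 5 consecutive failures
LOCKOUT_SECONDS = 15 * 60    # assumed policy: 15-minute lockout
MIN_PASSWORD_LENGTH = 12     # assumed policy
PBKDF2_ITERATIONS = 100_000


def check_password_policy(password):
    """Return the list of policy violations for a candidate password (empty list = accepted)."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append("too short")
    if password.isalpha() and password.islower():
        problems.append("lowercase letters only")
    if password.lower() in WORDLIST:
        problems.append("common dictionary word")
    return problems


def _hash_password(password, salt):
    # Salted, iterated hash: the server never keeps the plaintext (unlike the April 2009 e-mail).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class LoginService:
    def __init__(self, lockout_enabled=True):
        self.lockout_enabled = lockout_enabled
        self._users = {}      # username -> (salt, pbkdf2 hash)
        self._failures = {}   # username -> [consecutive_failures, locked_until]
        self._dummy_salt = os.urandom(16)

    def register(self, username, password, enforce_policy=True):
        if enforce_policy:
            problems = check_password_policy(password)
            if problems:
                raise ValueError("weak password: " + ", ".join(problems))
        salt = os.urandom(16)
        self._users[username] = (salt, _hash_password(password, salt))
        self._failures[username] = [0, 0.0]

    def login(self, username, password, now=None):
        """Return 'ok', 'denied' or 'locked'. `now` is injectable so tests need not sleep."""
        now = time.monotonic() if now is None else now
        state = self._failures.setdefault(username, [0, 0.0])
        if self.lockout_enabled and now < state[1]:
            return "locked"   # refuse without evaluating the guess at all
        record = self._users.get(username)
        if record is None:
            # Burn the same hashing work for unknown users so response time
            # does not reveal which usernames exist.
            _hash_password(password, self._dummy_salt)
            return "denied"
        salt, stored = record
        if hmac.compare_digest(_hash_password(password, salt), stored):
            state[0], state[1] = 0, 0.0
            return "ok"
        state[0] += 1
        if self.lockout_enabled and state[0] >= MAX_FAILED_ATTEMPTS:
            state[0], state[1] = 0, now + LOCKOUT_SECONDS
        return "denied"


def brute_force(service, username, now=0.0):
    """Replay the January 2009 style attack: submit wordlist entries until one works.
    Returns (recovered_password_or_None, guesses_submitted)."""
    for guesses, guess in enumerate(WORDLIST, start=1):
        result = service.login(username, guess, now=now)
        if result == "ok":
            return guess, guesses
        if result == "locked":
            return None, guesses
    return None, len(WORDLIST)


def demo():
    """Run the attack against a 2009-style account with lockout off, then with lockout on."""
    results = {}
    for lockout in (False, True):
        svc = LoginService(lockout_enabled=lockout)
        # Weak lowercase dictionary word, registered with the policy bypassed (assumed 2009 state).
        svc.register("staffer", "sunshine", enforce_policy=False)
        results[lockout] = brute_force(svc, "staffer")
    return results


if __name__ == "__main__":
    print(demo())
```

With lockout disabled the attacker recovers "sunshine" on the seventh guess; with lockout enabled the account is locked after the fifth failure and the sixth request is refused before the password is even checked, which is the control that would have stopped the thousands of guesses the FTC described. The policy check also refuses to register that password in the first place, and the lockout expires on its own after `LOCKOUT_SECONDS`.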
At the time of the attacks, Twitter's privacy policy said the company was "very concerned about safeguarding the confidentiality of your personally identifiable information" and that Twitter employed "administrative, physical and electronic measures to protect your information from unauthorized access," the FTC said. Users were also given privacy settings to designate their messages as private.
Twitter has since removed that language from the privacy policy currently on its site.
Twitter has not issued an updated statement on the FTC settlement, but a blog post from June 2010 claimed the company had already implemented many of the security practices cited.
While Twitter's security may have improved since 2009, Twitter users still have their accounts hijacked. Actor Ashton Kutcher had his account hijacked earlier this month, apparently after exposing his login credentials over an unsecured wireless network at the TED Conference.
That kind of account takeover can be avoided if users can connect to the site over a secure (HTTPS) Web connection. Facebook recently rolled out that option on its site, but it is not yet standard practice, nor mandatory for all users.