
Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: PCMag

Posted on March 22, 2011

The Federal Trade Commission said that it has finalized a settlement with Twitter over charges that the micro-blogging site failed to adequately safeguard user information, which led to two high-profile hacker attacks in early 2009.

The settlement was announced back in June 2010, but has just now been finalized. It found that Twitter deceived consumers and put their privacy at risk, the FTC said.

Under the terms of the deal, Twitter is banned for the next 20 years from misleading consumers about the extent to which it protects the security and privacy of non-public information, the FTC said. Twitter must also establish a comprehensive information security program, which will be assessed by an independent third party every other year for the next 10 years.

Violation of such an order could result in a civil penalty of up to $16,000, the FTC said Friday.

A Twitter spokeswoman said the company does not have an updated statement on the matter, and pointed PCMag to a blog post Twitter wrote about the original settlement announcement.

The issue dates back to 2009, when easily guessed administrative passwords allowed hackers to gain access to Twitter accounts.

In the first case, which happened in January 2009, a hacker used an automated password-guessing tool to gain administrative control of Twitter. Twitter's system did not automatically lock people out after they failed to guess the correct password after several tries, so the hacker was able to submit thousands of guesses before gaining access.

"The administrative password was a weak, lower case, common dictionary word," according to the FTC.

Once inside, the hacker re-set the passwords of some high-profile tweeters and sent fake tweets from the accounts. This included then President-Elect Barack Obama and former CNN host Rick Sanchez, whose account soon had a tweet that read "i am high on crack right now might not be coming into work today."

In the second breach, in April 2009, a hacker gained access to a Twitter employee's personal e-mail account, which contained the employee's Twitter administrative password stored in plain text.

"Twitter deceived consumers and put their privacy at risk by failing to safeguard their personal information," the FTC said. "Twitter was vulnerable to these attacks because it failed to take reasonable steps to prevent unauthorized administrative control of its system."

Twitter was vulnerable, the FTC said, because it used easily decipherable passwords, let employees store password information in easily accessed places, did not suspend accounts after an unreasonable number of failed logins, did not set passwords to expire after a certain amount of time, and did not impose restrictions on admin access, among other things.
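The controls the FTC lists above (lockout after repeated failed logins, rejection of weak dictionary-word passwords, password expiry, restricting administrative access) map directly onto a small authentication service. The following Python is an added example written for this page; it is not Twitter's code and is not taken from the PCMag article or the FTC order. The policy constants, the stand-in wordlist, the admin network range, the account names and the replayed stream of wrong guesses are all constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass
from typing import Optional

# Policy constants: constructed values for this example, not Twitter's or the FTC's.
MAX_FAILED_ATTEMPTS = 5                 # lock after this many consecutive failures
LOCKOUT_SECONDS = 15 * 60               # how long a locked account stays locked
PASSWORD_MAX_AGE_SECONDS = 90 * 86400   # force a change after 90 days
MIN_PASSWORD_LENGTH = 12
# Stand-in for a real dictionary wordlist; a deployment would load a large list.
COMMON_WORDS = {"password", "happiness", "letmein", "welcome", "sunshine"}
# Administrative logins are only accepted from these networks (constructed range).
ADMIN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def password_policy_violation(password: str) -> Optional[str]:
    """Return why the password is rejected, or None if it passes policy."""
    if password.lower() in COMMON_WORDS:
        return "common dictionary word"
    if len(password) < MIN_PASSWORD_LENGTH:
        return "too short"
    if password.islower() or password.isalpha():
        return "needs mixed case and non-letters"
    return None


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash so stored credentials are never kept in plain text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    password_set_at: float   # epoch seconds when the password was last set
    is_admin: bool = False
    failed_attempts: int = 0
    locked_until: float = 0.0


class AuthService:
    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}

    def create(self, username: str, password: str, now: float, is_admin: bool = False) -> None:
        """Refuse to store a password that fails policy; otherwise store only its salted hash."""
        reason = password_policy_violation(password)
        if reason:
            raise ValueError(f"weak password: {reason}")
        salt = os.urandom(16)
        self.accounts[username] = Account(username, salt, hash_password(password, salt), now, is_admin)

    def login(self, username: str, password: str, now: float, source_ip: str) -> str:
        """Return 'ok', 'denied', 'locked' or 'expired'; identical 'denied' for unknown users."""
        acct = self.accounts.get(username)
        if acct is None:
            return "denied"
        if now < acct.locked_until:
            return "locked"          # no further guesses are evaluated while locked
        if acct.is_admin and not any(ipaddress.ip_address(source_ip) in n for n in ADMIN_NETWORKS):
            return "denied"          # admin access restricted to approved networks
        if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            acct.failed_attempts += 1
            if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
                acct.locked_until = now + LOCKOUT_SECONDS
                acct.failed_attempts = 0
                return "locked"
            return "denied"
        acct.failed_attempts = 0     # a successful login resets the counter
        if now - acct.password_set_at > PASSWORD_MAX_AGE_SECONDS:
            return "expired"         # correct, but the user must rotate it before proceeding
        return "ok"


def simulate_guessing(now: float = 1_000_000.0) -> list:
    """Constructed replay: an admin account receives five wrong guesses, then the right password."""
    svc = AuthService()
    secret = "Tr0ub4dor-&-Stable-9"
    svc.create("admin", secret, now, is_admin=True)
    guesses = ["password", "happiness", "sunshine", "welcome", "letmein"]
    results = [svc.login("admin", g, now + i, "10.1.2.3") for i, g in enumerate(guesses)]
    results.append(svc.login("admin", secret, now + 10, "10.1.2.3"))                   # right password, still locked
    results.append(svc.login("admin", secret, now + LOCKOUT_SECONDS + 11, "10.1.2.3"))  # lock has expired
    return results


if __name__ == "__main__":
    print(simulate_guessing())
```

The fifth wrong guess locks the account, and the correct password is refused until the lockout expires; without the lockout branch the loop above could run unbounded, which is the gap the FTC describes in the January 2009 incident. The admin network check and the expiry check are the remaining items from the FTC's list, and `hash_password` addresses the plain-text storage from the April incident.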

"Within hours of the January breach, we closed the security hole and notified affected account holders," Twitter said in its blog post. "In the April incident, within less than 18 minutes of the hack we removed administrative access to the hacker and we quickly notified affected users."

"Even before the agreement, we'd implemented many of the FTC's suggestions and the agreement formalizes our commitment to those security practices," Twitter concluded.


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
