Twitter has arranged the settlement regarding the Federal Trade Commission charges about the said site. The privacy of users is placed at risk because of the lack of security with users’ personal information.

One of the biggest social networking sites, Twitter, will soon be establishing a security program. This security program will be evaluated by another company. The Federal Trade Commission news release has stated that Twitter “will end up being barred for nearly twenty years from misleading its consumers about the extent to which it retains and protects the security, privacy as well as the confidentiality of nonpublic consumer information.”

In order to prevent this, Twitter is required to establish and maintain a strong information and security program. But to ensure maximum security of the privacy program, this will be evaluated by an independent professional auditor every other year for the length of 10 years.

The Federal Trade Commission fights for the rights of every user to keep any personal information secured and private. But users can still share chosen information on social networking sites such as that of Twitter. This statement is according to the director of the FTC’s Bureau of Consumer Protection, David Vladeck.

Security Breaches

Security breaches have occurred twice in January and April 2009. According to the FTC, a hacker made use of an application that guesses passwords in order to control of the admin. The password was said to be in lowercase and is such a common word. The hacker then changed many passwords and posted them on other sites.

With the use of the hacker’s new passwords, many other people have gained unauthorized access to 9 users of Twitter. These people were able to send fake tweets. And the worse thing about this issue is the use of President Barack Obama’s account. The fake tweet from the president stated that people can win $500 of free gasoline. The culprit was a 23-year-old French hacker.

For the second security breach, another hacker used a Twitter employee’s personal e-mail after miraculously getting the password. A password was found in plain test and has been used to reset other passwords of Twitter users. This hacker also manipulated nonpublic user information and tweets.

Steps to Prevent the Recurrence of the Problem

According to the complaint, Twitter has failed to protect the personal and private information regarding the users. In order to prevent this from happening again, some step should be followed and these are the following:

•    Administrative passwords should be hard-to-guess and should not be used for any other program, site or network.
•    The administrative password access should be disabled when the attempts of entering the correct password failed.
•    Administrative passwords should expire every 90 days.

Twitter’s Response

According to Alexander Macgillivray, the Twitter’s general counsel, the unwanted breaches happened a long time ago when they only have 50 employees. Twitter has already fixed the security problems and the affected user was notified as soon as possible during the January hacking incident. With regards to the April incident, the hacker’s administrative access was removed in less than 18 minutes. The general counsel explained that even before the FTC’s complaint arrived, they have implemented certain security actions for Twitter.