The microblogging service Twitter has signed an agreement with the Federal Trade Commission to implement a comprehensive security program.
It looks like a serious call to order for Twitter and a first for a social networking service. In the U.S., the Federal Trade Commission (FTC) has sanctioned the microblogging service for its failures in protecting users' personal data. The fault lies in Twitter's past.
Between January and May 2009, Twitter suffered two security incidents, the FTC recalls. The first led to the compromise of multiple accounts through an intrusion into Twitter's administrative control after the password had been obtained through a dictionary attack. The second incident is well known in our country, and earned Hacker Croll a five-month suspended prison sentence.
According to the FTC, Twitter bears its share of responsibility for these events, owing to a form of laxity and to basic security policy that was not followed. As examples, the FTC cited the fact that Twitter had posted an administration web page whose address was known only by authorized personnel, employees who showed directors' passwords in the clear on their accounts, and passwords that were too simple.
The agreement with the FTC bans Twitter, for a period of 20 years, from "misleading consumers about the implementation of protective security, privacy and confidentiality of their data". Annually for 10 years, an independent audit will verify that Twitter has introduced "comprehensive computer security".
On its blog, Twitter says it did not wait for this agreement to implement the FTC's suggestions. Its legal officer also stressed that the security incidents cited by the FTC occurred in early 2009, at a time when the company had fewer than 50 employees, compared with about three times that number now and growing rapidly. Still, that does not excuse much.