Twitter Settles FTC Privacy Complaint Over Hacked Celebrity Accounts

Twitter has settled a case with the FTC over concerns that it could not offer the level of security it promised in its original privacy policy. The case stemmed from two separate attacks in 2009, resulting in the hacking of high-profile Twitter accounts like those of Ashton Kutcher and Barack Obama.

The incidents in 2009 involved hackers breaking into the administrative backend of Twitter and gaining access to employee passwords. They then used those passwords to take over more than 50 Twitter accounts, including those of Britney Spears, Ashton Kutcher, Fox News, Barack Obama and others.

The hacker was able to post tweets from these accounts, as well as read private messages and view who was on the Twitterati’s block lists.

The complaint brought against Twitter by the FTC was that Twitter failed to take appropriate security measures to protect the privacy of its users. Specifically, the FTC alleged that this attack exposed non-public information, and that Twitter’s original privacy policy did not provide the level of security it claimed to. The FTC also took exception to Twitter’s privacy policy stating that Twitter had “administrative, physical and electronic measures designed to protect your information from unauthorised access.”

In the settlement, Twitter has agreed to establish a rigorous security program which would be independently audited, at Twitter’s expense, every two years for the next ten years. Breaches of this agreement will cost Twitter upwards of $16,000 each.

The company had already reached a tentative deal with the FTC in June of 2010, and it had changed its privacy policy and begun implementing stricter security prior to the official agreement.