Twitter just announced it has reached an agreement with the Federal Trade Commission that resolves some concerns the organization had with Twitter’s security practices.
The concerns at hand involve some compromises made last year, which Twitter had already addressed, and most people had probably forgotten about by now. Twitter’s A. Macgillivray explains on the Official Twitter Blog:
Early in 2009, when Twitter employed less than 50 people, we faced two different security incidents that impacted a small number of users. Put simply, we were the victim of an attack and user accounts were improperly accessed. There were 45 accounts accessed in a January incident and 10 that April for short periods of time. In the first incident, unauthorized joke tweets were made from nine accounts and attackers may have accessed nonpublic information such as email addresses and mobile phone numbers. In the second, nonpublic information was accessible and at least one user’s password was reset.
Within hours of the January breach, we closed the security hole and notified affected account holders. We posted a blog post about it on the same day. In the April incident, within less than 18 minutes of the hack we removed administrative access to the hacker and we quickly notified affected users. We also posted this blog item about the incident within a few days of first learning about it.
Macgillivray adds that even before the agreement was reached, Twitter had implemented various suggestions from the FTC. So basically this announcement and the agreement are just a formality.