PCMag.com (June 24, 2010)
"Twitter on Thursday reached a settlement with the Federal Trade Commission over charges that it failed to adequately safeguard user information, which led to two high-profile hacker attacks in early 2009.
"The case is the first that the FTC has brought against a social networking site, it said.
"Under the terms of the deal, Twitter is banned for the next 20 years from misleading consumers about the extent to which it protects the security and privacy of non-public information, the FTC said. Twitter must also establish a comprehensive information security program, which will be assessed by an independent third party every other year for the next 10 years...."
Somebody's hacked into Twitter's administrative accounts more than once - it looks like the Lemming posted about the first one, back on January 6, 2010. Back to the PCMag.com article:
"...In the first case, which happened in January 2009, a hacker used an automated password-guessing tool to gain administrative control of Twitter. Twitter's system did not automatically lock people out after they failed to guess the correct password after several tries, so the hacker was able to submit thousands of guesses before gaining access.
"'The administrative password was a weak, lower case, common dictionary word,' according to the FTC...."
Two (rookie?) mistakes: letting a bot try a large number of times to guess the password; and using a "common dictionary word." I looked it up: the password was "happiness." Well, it could have been worse. The admin might have chosen "password" as the password.
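The two controls the FTC describes, an account lockout after repeated failures and a check that rejects dictionary-word passwords, as an added illustration in Python (this is not code from the PCMag article or from Twitter; the thresholds and the small word list are assumptions made up for the example):

```python
import time
from collections import defaultdict, deque

# Constructed sample list; a real deployment would load a large wordlist.
COMMON_WORDS = {"happiness", "password", "letmein", "welcome", "twitter"}

MAX_FAILURES = 5        # failed attempts allowed inside the window (assumed)
WINDOW_SECONDS = 600    # sliding window over which failures are counted
LOCKOUT_SECONDS = 900   # how long the account stays locked once the limit is hit

def password_is_weak(password: str) -> bool:
    """Reject what the FTC described: a lower-case, common dictionary word.
    Also treats short or letters-only passwords as weak (assumed policy)."""
    lowered = password.lower()
    return lowered in COMMON_WORDS or len(password) < 12 or password.isalpha()

class LoginGuard:
    """Counts failed logins per user and locks the account after too many.

    `correct` is the result of the real credential check (e.g. a hash
    comparison); this class only decides whether that check may proceed."""
    def __init__(self, clock=time.time):
        self.clock = clock                     # injectable for testing
        self.failures = defaultdict(deque)     # user -> timestamps of failures
        self.locked_until = {}                 # user -> unlock time

    def check(self, user: str, correct: bool) -> str:
        now = self.clock()
        # While locked, even a correct guess is refused: a guessing bot
        # must never learn that it finally hit the right word.
        if self.locked_until.get(user, 0) > now:
            return "locked"
        if correct:
            self.failures.pop(user, None)      # success resets the counter
            return "ok"
        recent = self.failures[user]
        recent.append(now)
        while recent and recent[0] < now - WINDOW_SECONDS:
            recent.popleft()                   # drop failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            recent.clear()
            return "locked"
        return "denied"
```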
What impressed me was that Twitter didn't clamp down on security after that January 2009 caper.
I use Twitter myself (where I'm Aluwir), but I'm not too concerned about "privacy" of my account information - I've followed the same rule there that I do elsewhere online: I never give more information than I would put on the back of a postcard. With the exception of a few financial accounts, where I'm pretty sure the company is playing with a full bag of marbles.
Of course, I'd hate to lose my account because my password got broadcast to the world.
Bottom line, I think, is that Twitter needs to accept the fact - fast - that it's no longer a little circle of like-minded people in a San Francisco neighborhood. Twitter is a huge online community: and folks who use Twitter need to be able to trust the system.
- "Lemming Tracks: Twitter, Capacity, and AOL's Reality Check" (June 15, 2010)
- "3,300,000 People's Student Loan Data Stolen: That's a Lot of Zeroes" (March 27, 2010)
- "If Your Password is "Password1" - CHANGE IT" (November 24, 2009)
- "Twitter Trouble: It Could Have Been Worse - The Adminstrator's Password Could Have Been 'Password'" (January 6, 2009)
A tip of the hat to TweetSmarter (formerly Twitter_Tips), on Twitter, for the heads-up on the article.