FTC settles Twitter hacking investigation

An investigation that the Federal Trade Commission launched into Twitter's allegedly lax security practices following two high-profile hacking incidents last year has been settled, the company announced on Thursday.

Twitter general counsel Alexander MacGillivray, who joined the company last summer after serving as a member of Google's legal team, posted an entry on the company blog on Thursday explaining the situation. "Early in 2009, when Twitter employed less than 50 people, we faced two different security incidents that impacted a small number of users," the post explained. "Put simply, we were the victim of an attack and user accounts were improperly accessed."

In January and April of 2009, Twitter was subjected to first a hack that targeted celebrities' accounts and then a data breach that made private information (including internal Twitter documents) accessible to the attackers. The FTC claimed that these security breaches highlighted the fact that Twitter wasn't implementing adequate measures to protect its users: requiring hard-to-guess passwords, requiring employees to change their passwords every few months, and restricting internal access to potentially sensitive data, among other charges.

For more on this story, see Twitter, FTC reach agreement on security on CNET News.