Twitter has been barred from overstating the extent to which it can securely manage user information for the next 20 years in a settlement with the US Federal Trade Commission.
The micro blogging site had been investigated over two hacking incidents in 2009 in which 55 accounts were hijacked, including US President Barack Obama’s.
The accounts were hijacked after someone hacked into Twitter’s support team administration tools, the company admitted after the incidents occurred.
The FTC alleged the attacks exposed non-public information and information that users had designated as private, such as private Tweets.
The regulator took exception to the wording of Twitter’s security claims in its original privacy policy, which said it employed “administrative, physical and electronic measures designed to protect your information from unauthorised access”.
Twitter's subsequent versions, which can be found here, make no claims about the level of security it provides.
The FTC also ordered Twitter to establish and maintain a “comprehensive information security program”, which would be assessed biannually by an independent auditor for the next decade.
