The charge was serious: that Twitter on more than one occasion told consumers that the company was protecting their privacy when they, in fact, were not. Which is where the hackers come in.
Specifically, the FTC alleged that due to “serious lapses” in security, hackers obtained “unauthorized administrative control of Twitter, including both access to non-public user information and tweets that consumers had designated as private, and the ability to send out phony tweets from any account.” (Non-public user information includes things like email addresses, IP addresses and private messages.)
According to the FTC, the hackers gained control of Twitter on two occasions between January and May of 2009. And today, after many months of consideration, the FTC and Twitter came to an agreement over the incident. Under the terms of the settlement, “Twitter will be barred for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information….” The company also must “establish and maintain a comprehensive information security program, which will be assessed by an independent auditor every other year for 10 years.”
Twitter officially admits no wrongdoing, but failing to live up to terms of the settlement could cost them as much as $16,000 per violation.
More on TIME.com: