Social networking site Twitter on Thursday settled Federal Trade Commission charges that "serious lapses" in data security put its users at risk. The FTC in its administrative complaint said these security lapses allowed hackers to obtain administrative control of Twitter and send out phony tweets from users including then-President-elect Barack Obama and Fox News.
The hackers were also able to gain access to nonpublic user information.

The first security breach occurred in January 2009, when a hacker gained administrative control of Twitter after submitting thousands of guesses into Twitter's login webpage via an automatic password-guessing tool. The hacker eventually hit on the correct password (a "weak, lower case, common dictionary word," according to the FTC) and sent fraudulent tweets from user accounts.

Among them: Obama, who offered his more than 150,000 Twitter followers $500 in free gasoline.

In April 2009, a second breach occurred after a hacker accessed a Twitter employee's personal e-mail account and used information there to guess the employee's Twitter administrative password.

Twitter on its corporate blog stressed the incidents were small in scale, noting "There were 45 accounts accessed in a January incident and 10 that April for short periods of time... Within hours of the January breach, we closed the security hole and notified affected account holders. We posted a blog post about it on the same day. In the April incident, within less than 18 minutes of the hack we removed administrative access to the hacker and we quickly notified affected users."

Twitter also noted that the company at the time employed fewer than 50 people and was the "victim of an attack."