For instance, users can send “direct messages” to a specified follower so that only the specific author and recipient can view the message. Twitter users can also click a button labeled “Protect my tweets,” which means only approved followers can view them.
According to the FTC, the privacy policy posted on Twitter’s website stated that “Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information.
In January 2009, a hacker used an automated password-guessing tool to gain administrative control of Twitter after submitting thousands of guesses into Twitter’s login website. The hacker reset at least one Twitter user’s password, and could access nonpublic user information and tweets for any Twitter users.
According to the FTC’s complaint, Twitter was vulnerable to these attacks because it failed to prevent unauthorized administrative control of its system, including reasonable steps in password management among administrators and employees.
http://www.darkreading.com/securityservices/security/privacy/showArticle.jhtml?articleID=225701520&cid=RSSfeed_DR_News