Twitter has been ordered to set up and maintain a comprehensive information security programme and allow a third-party review of that programme every two years for 10 years.
This is the chief requirement of a settlement with the US Federal Trade Commission (FTC). The FTC took Twitter to task over its lax security procedures that enabled hackers to post fake statements from the accounts of US President Barack Obama and others.
The settlement, which closed the FTC's first action against a social networking site over security, also requires Twitter to take a number of security steps to protect user data.
But Twitter said it has already implemented many of the FTC's suggestions and the agreement merely formalises the microblogging service's commitment to those security practices, according to US reports.
The FTC found that Twitter did not restrict administrative access to certain computers, prohibit simple passwords for administrators or require regular password changes.
The settlement also bars Twitter, for 20 years, from misleading users about the extent to which it protects their privacy and personal information.