Twitter has settled charges with the Federal Trade Commission for failing to safeguard the personal information of its users. The FTC says that Twitter had "serious lapses in the company’s data security," and as a result, Twitter must have its information security program independently evaluated every three years. 

The company also cannot mislead consumers about its security and privacy policies for 20 years. (No word on what can happen once year 21 rolls around. All bets are off?)

The FTC had originally accused the social media service of making private tweets and the login credentials of users easily available to "hackers" between January and May of 2009. During that time, someone was able to gain administrative access to Twitter's system (and therefore access to thousands of user accounts, passwords, direct messages, and more) simply by using password-guessing software. That user reset numerous user passwords, allowing others to access those accounts.