So the FTC reads about horses escaping, tells the farmer to close the barn door, and reports that as a successful enforcement action. Woohoo, your tax dollars at work!
Twitter didn't need any federal regulator to tall them to improve their practices; the embarrassment of the well-publicized incident -- and their continuing growth as a prominent target -- gives them all the motivation they need.
* requiring employees to use hard-to-guess administrative passwords that are not used for other programs, websites, or networks;
* prohibiting employees from storing administrative passwords in plain text within their personal e-mail accounts;
* suspending or disabling administrative passwords after a reasonable number of unsuccessful login attempts;
* providing an administrative login webpage that is made known only to authorized persons and is separate from the login page for users;
* enforcing periodic changes of administrative passwords by, for example, setting them to expire every 90 days;
* restricting access to administrative controls to employees whose jobs required it; and
* imposing other reasonable restrictions on administrative access, such as by restricting access to specified IP addresses.
[http://ftc.gov/opa/2010/06/twitter.shtm]