Twitter has agreed to settle charges by federal regulators that it put the privacy of its users at risk by failing to protect them from data security lapses last year that let hackers access their accounts.

The Federal Trade Commission said Thursday the settlement bars Twitter from misleading consumers about its security and privacy practices and requires the start-up to establish a comprehensive information security program.

According to the FTC, hackers were able to view email addresses and other private user information, gain access to user messages, reset user passwords and send phony tweets from user accounts.

At least one phony tweet was sent from the account of Fox News and another phony tweet was sent from the account of then-President-elect Barack Obama offering more than 150,000 followers a chance to win $500 in free gasoline, the FTC said.

“At the time of the incidents, we were … in the midst of perhaps unprecedented user growth for an Internet company; and, didn’t employ the security methods that we use today,” the company said on Thursday.

Twitter said 45 accounts were accessed in the first incident and 10 accounts in the second incident.