Skip the navigation
News Analysis

Hacker break-in of Twitter e-mail yields secret docs

Underscores problems broadcasting life's secrets to the world, say experts

By Gregg Keizer
July 16, 2009 01:16 PM ET

Computerworld - A hacker made off with confidential Twitter documents after breaking into an employee's e-mail account, the company's co-founder confirmed yesterday.

Security experts today said that the breach and theft highlights the problem people have with creating, and then remembering, strong passwords, and the increasing tendency to disclose personal information on services like Twitter and Facebook.

"What it boils down to is that people are lazy and lackadaisical about their personal paranoia," said Andrew Storms, director of security operations at nCircle Network Security. "People should be thinking twice about what they're making public."

The breach occurred about a month ago, said Twitter co-founder Biz Stone, when a hacker calling himself Hacker Croll broke into an administrative assistant's e-mail account, then used that to collect information that let him access the employee's Google Apps account. Twitter workers use the corporate version of Google Apps to share documents and other information within the company.

Hacker Croll then forwarded hundreds of pages of internal Twitter documents to Web sites, including TechCrunch, which in turn has published some and referred to others. Among the finds: Financial projections by Twitter that it will have a billion users, $1.54 billion in revenue and $1.1 billion in net earnings by 2013.

The privately held Twitter does not disclose the current number of users or its financials, but some metrics firms estimate the site has six million unique visitors a month. Documents disclosed by TechCrunch said Twitter was projecting 25 million users by the end of this year.

Stone denied reports that a bug in Google Apps was responsible. "This attack had nothing to do with any vulnerability in Google Apps, which we continue to use," he said in a blog entry yesterday. "This is more about Twitter being in enough of a spotlight that folks who work here can become targets. This was not a hack on the Twitter service, it was a personal attack followed by the theft of private company documents."

Exactly, said security experts today, who put the blame on a combination of online password retrieval systems and people's disclosure of their personal life on social networking services.

"This has nothing to do with cloud computing," said Sam Masiello, vice president of information security at Englewood, Colo.-based MX Logic. "It's about weak passwords that are easily guessable, with a huge contribution from people's habit of putting online information that they wouldn't otherwise share with anyone but their closest friends. It's not hard to crack [password resets] with the information you can find freely available on social networking sites."

Like the breach of Gov. Sarah Palin's Yahoo e-mail account last fall, security researchers guessed that Hacker Croll gained access to the Twitter employee's account using Google's password reset feature, which poses several personal questions to authenticate the user. Hacker Croll likely dug up possible responses by rooting through the Web for details on the assistant, then used those to reset the password to one only he knew.



Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Security White Papers
Identity Governance: The Business Imperatives
This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make...
CA Technology Brief: CA Point of View: Content Aware Identity & Access Management
This paper explores the concept of content-aware IAM, describes the integrated architecture for this new approach, and highlights the benefits that this approach...
Google: Security for Google Apps Messaging & Collaboration
Content provided by Google

Find out about how Google creates a security-based platform for Google Apps, covering topics like information security, physical security, and...
An Interactive Guide: Bring Your Own Device
BYOD presents significant security and management challenges to IT departments who want to take advantage of the trend, but still protect corporate assets....
Fundamental Principles of Network Security
This paper covers the fundamentals of secure networking systems, including firewalls, network topology and secure protocols. Best practices are also given that introduce...
All Security White Papers
Security Webcasts
Live Webcast
Playing Defense: Staying on Top of Your Disaster Recovery Game
When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
Introduction to VMware vCenter Site Recovery Manager 5
Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to...
The Top Ten Secrets to Avoiding SAN Performance Problems
Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...
Deduplication Without Compromise
Go inside Quantum's scalable, high-performance, multi-protocol new DXi deduplication appliances, designed to make backup much more effective. Discover how the new future-proof DXi6700...
Director of Disk Products Discusses DXi6700
Discover how the new DXi 6700 series of deduplication appliances provide investment protection and a future-proof feature set, all while delivering fast, scalable,...
Playing Defense: Staying on Top of Your Disaster Recovery Game
When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
All Security Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs