To Twitter - tighten up NOW

My Granny used to tell me that bad things always happen in threes.  So that is my warning to Twitter.  First there was the phishing scam.  Now some 18-year-old hacker is getting into your admin tools via a dictionary attack and giving out creds to high-profile Twitter accounts (the basic security measure of limiting login attempts would have prevented that issue).  So my question is, "What's next?"

This whole issue reminds me of a post I wrote over two years ago on Web 2.0.  In that article, I compared Web 2.0 security to the early-to-mid '90s MS Office security issues.  Back then, MSFT was doing all it could to get a bunch of whiz-bang features in Office so everyone would say "Oooh" and "Ahhh" and buy it because it was cool.  Then the lid blew off because security wasn't even an afterthought.  Same thing here.  The people running the show at Twitter MUST consider security FIRST.  Except for a password, security has been almost nil.  Now Twitter is looking into it because some big events happened.

I understand not wanting to be restrictive since that tends to make people mad and go to some other app.  But Twitter is not the same Twitter of a year ago.  It is becoming a corporate tool.  But it won't be if this continues to happen.

Seriously Twitter, you are about to lose a lot of people if you cannot get your security under control.  It looks like you are taking some good steps, but I have to say that my resolve to keep twitting has been shaken because of this.  Honestly, I am not too worried about the risk to me.  I use Twitter to talk about what I am doing or my latest blog post or to have mini-conversations with friends (kind of like IM).  There's nothing there that is personal, and most of my followers will likely notice if a bunch of weird Twitter messages start coming across on my account. 

But if a company's account gets hacked, then what kind of damage can be done there?  All it takes is a couple of well-crafted tweets that look close enough to the real thing to piss off a client or send them a link to a malware site to get them to quit Twitter altogether.  And there are more and more companies using Twitter to communicate.  I am not saying it is a lifeline for revenue, but it can be substantial enough to cause harm.  Because of this, I have put off my plans to introduce Twitter to my company as a means for communication.  It doesn't make sense right now, especially since I work for a security consulting company.

And seriously, when the President-Elect's Twitter account is hacked, things can get real ugly real fast.  The Secret Service doesn't take anything lightly.

So Twitter, you had best emerge from this with a whole bunch of new security measures that are well thought out.  Go hire a security expert.  Get your stuff straight.  Don't let a third incident happen.  And believe me when I say this out of love.  I use Twitter quite a bit (http://twitter.com/m1a1vet).  I don't want to quit you.

[UPDATE] My friend and fellow blogger / Tweeter John Cook (@johndcook on Twitter) sent me a good article by Jeff Atwood on dictionary attacks written specifically for the Twitter issue.  Pretty good read.  Thanks John.

Copyright © 2009 IDG Communications, Inc.

  