Twitter Hacked! Again! & the Private Information is Getting Published by TechCrunch!!

  • coolarmydude

    Posts: 9196

    Jul 16, 2009 12:04 AM GMT

    SAN FRANCISCO - Technology news Web site TechCrunch published on Wednesday sensitive internal documents belonging to Twitter, including financial projections, offering a rare glimpse into the wildly popular microblogging site.

    TechCrunch reported that a hacker had gained "easy access" to hundreds of pieces of internal Twitter information — from pass codes to meeting minutes — and then forwarded the data to the site en masse.

    This marks the third time this year the San Francisco-based company was the victim of a security breach stemming from a simple end-run around its defenses: A hacker guessed the password for an employee's personal e-mail account and worked from there to steal confidential company documents.

    Twitter, a social networking company that permits users to post tweets of 140 characters or less, has catapulted to prominence in past months, particularly after it was used by protesters in Iran following a disputed election there.

    "We are in touch with our legal counsel about what this theft means for Twitter, the hacker and anyone who accepts and subsequently shares or publishes these stolen documents," Twitter said in an official blog post.

    Dangers highlighted
    The techniques used by the attackers to obtain access to Twitter highlight the dangers of a broader trend promoted by Google Inc. and others toward storing more data online, instead of on computers under your control.

    The shift toward doing more over the Web — a practice known as "cloud computing" — means that mistakes employees make in their private lives can do serious damage to their employers, because a single e-mail account can tie the two worlds together.

    Stealing the password for someone's Gmail account, for example, not only gives the hacker access to that person's personal e-mail, but also to any other Google applications they might use for work, like those used to create spreadsheets or presentations.

    That's apparently what happened to Twitter, which shares confidential data within the company through the Google Apps package that incorporates e-mail, word processing, spreadsheet, calendar and other Google services for $50 per user per year.

    Co-founder Biz Stone wrote in a blog posting Wednesday that the personal e-mail of an unnamed Twitter administrative employee was hacked about a month ago, and through that the attacker got access to the employee's Google Apps account.

    Separately, the wife of co-founder Evan Williams also had her personal e-mail hacked around the same time, Stone wrote. Through that, the attacker got access to Williams' personal Amazon and PayPal accounts.

    Stone said the attacks are "about Twitter being in enough of a spotlight that folks who work here can become targets."

    Twitter says only one user account was potentially compromised because a screenshot of the account was included among the stolen documents. The value in hijacking a user's account is limited, as those attacks are mainly used to post fake messages and try to trick the victim's friends into clicking on links that will infect their computers.

    ‘Somewhat embarrassing’
    TechCrunch defended its right to make the material public while saying it would exercise restraint on material such as personnel records.

    "We are going to release some of the documents showing financial projections, product plans and notes from executive strategy meetings," TechCrunch founder and co-editor Michael Arrington wrote.

    "We've spent most of the evening reading these documents. The vast majority of them are somewhat embarrassing to various individuals, but not otherwise interesting."

    "But a few of the documents have so much news value that we think it's appropriate to publish them."

    TechCrunch had so far posted a single document, a discussion about a proposed reality television show. Within hours of its posting, hundreds of readers condemned the site for the move.

    Sensitive Twitter documents were filched, though.

    The hacker claims to have employee salaries and credit card numbers, resumes from job applicants, internal meeting reports and growth projections.

    Stone said the stolen documents "are not polished or ready for prime time and they're certainly not revealing some big, secret plan for taking over the world," but said they are sensitive enough that their public release could jeopardize relationships with Twitter's partners.

    "Obviously Twitter is a very attractive target for hackers or attackers, because of its high profile as a very popular media Web site," said Joris Evers, a spokesman and security expert at McAfee, which protects against Internet threats.

    What the attacks on Twitter show is that Web sites don't need to get compromised in the traditional sense
  • coolarmydude

    Posts: 9196

    Jul 16, 2009 12:09 AM GMT
    My take on this is that I hope that TechCrunch gets "crunched" by the law to the fullest extent possible. If someone receives stolen goods, they can be punished under the law. The same standard should apply in information techonolgy. If an organization or indivdual receives stolen information from a hack job, they should be punished mercilessly!!

    "TechCrunch defended its right to make the material public ..." I can't stand their arrogance!
  • Posted by a hidden member.
    Log in to view his profile

    Jul 16, 2009 12:35 AM GMT
    TechCrunch has been kinda shady lately. In the past year or so, they've been accused of fabricating news. And posting rumors from unverified sources.

    As for Twitter.. I'm not surprised. They really need to start acting like a legit company and not so much like a weekend project.