0

Anyone else getting pretty fed up with the number of headlines both online and in the print media which have been exclaiming 'Twitter hacked' this week? I have even just got a press release, from a storage systems company of all things, that has the strap line of "Twitter hack caused by lack of security" and starts "News that Twitter has been hacked yet again comes as no surprise." Well it comes as something of a surprise to me, to be honest, not least considering that Twitter has not actually been hacked at all.

It is surely stretching both journalistic and marketing license to the limit to proclaim that Twitter has been hacked when in actual fact the security breach was concerning a Google Apps account? Yes, that account was operated by a Twitter employee and, yes, the 300 Google Docs documents stolen include projected Twitter annual revenues for 2013.

Embarrassing for the chap concerned without a doubt, not the greatest thing that can happen to a company for sure, a Twitter hack? Not on your nelly.

Twitter founder Biz Stone concedes that "an administrative employee here at Twitter was targeted and her personal email account was hacked" which allowed the hacker to gain enough personal detail to "access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company." Specifically, the employee used the same non-unique password on multiple services. Doh!

So Twitter was guilty of not ensuring that employees were, perhaps, as careful with personal information from the security perspective as they should have been. Twitter really is not alone in this regard and the company has performed a security audit to remind employees of this. Indeed, I understand that random password generators as well as two-factor authentication for more sensitive systems are now mandatory at Twitter HQ.

Biz Stone is quick to point out that the attack "had nothing to do with any vulnerability in Google Apps" which it continues to use, and insists that it was more about "Twitter being in enough of a spotlight that folks who work here can become targets." Indeed, he reveals that at the same time the personal email account of the wife of Twitter co-founder Evan Williams was hacked and the hacker gained access to some personal accounts such as Amazon and PayPal. Stone continues "This isn't about any flaw in web apps, it speaks to the importance of following good personal security guidelines such as choosing strong passwords."

Amen to that.

So let's just reiterate, in case any mainstream media journos want to correct their stories: no Twitter user accounts were compromised, not even mine, this was not an attack on the Twitter service although it did involve the theft of Twitter company documents.

Twitter is currently consulting with legal counsel about "what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents" as publishing documents."

Amen to that as well. While moonfruit did not destroy Twitter misdirected media attention could certainly cause company damage.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

2
Contributors
1
Reply
2
Views
8 Years
Discussion Span
Last Post by xfranco
0

Nice post again, happygeek! I could not agree more.

The media has certainly played a larger role in any perception fluxuations for Twiter than the company or application itself.
Is it not strange how we as humans go through the same process everytime new technology (or something reletively innovative, i.e. Twitter) comes into being: Oppinion leaders adapt in early stages, mass population amused by the new "toy" and starts getting involved, there after launch success and low and behold, someone finds a way to use the new technology/toy to exploit some or other weakness for selfgain. And at this very moment the media (now bored with covering a successful Twitter) tries to create (normally very sensational) doubt about it. In retrospect, while frustrating on a day to day basis (which is our perceptions) it does cause communication and therefore we have the opportunity the clear the air, a very healthy (and necessary) exercise.
So, Twitter = Yeah! and Media = *pinch of salt

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.