Welcome to WebmasterWorld Guest from 23.22.140.143

Forum Moderators: incrediBILL & lawman

Message Too Old, No Replies

Twitter Hacker Exposes Company Documents

     
7:20 pm on Jul 15, 2009 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22306
votes: 239


Twitter Hacker Exposes Company Documents [bits.blogs.nytimes.com]
The hacker claims to have private documents including confidential contracts with Nokia, Samsung, Dell, AOL, Microsoft; the resumes of people who have applied to work at Twitter; personal information about Twitter employees including credit card numbers; future business plans and floor plans and security codes for Twitter’s offices.
The hacker apparently broke into the Internet accounts of various Twitter employees, including Evan Williams, Twitter’s chief executive, as well as Mr. Williams’ wife, who does not work for Twitter, and two Twitter employees. He claims to have accessed Google Apps, Gmail, PayPal, Amazon, Apple, AT&T and MobileMe accounts.

Biz Stone wrote on the Twiter company blog [blog.twitter.com]


We are in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents.

...as they were never meant for public communication, publishing these documents publicly could jeopardize relationships with Twitter's ongoing and potential partners. We're doing our best to reach out to these folks and talk over any questions and concerns.

7:32 pm on July 15, 2009 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


Instead of circumventing any actual security measures, the hacker managed to correctly answer the personal questions that some Internet sites ask when users need to reset their passwords.

Illustrating that the weakest link in online security can be the user's lack of diligence and unpredictability.

7:39 pm on July 15, 2009 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member pageoneresults is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 27, 2001
posts: 12166
votes: 51


As they were never meant for public communication, publishing these documents publicly could jeopardize relationships with Twitter's ongoing and potential partners. We're doing our best to reach out to these folks and talk over any questions and concerns.

That's a pretty strong message right there. I saw the original Admin Docs posted back in 2009 April. They are still available. If that person were smart, they'd probably make them unavailable after the above statement.

What a bummer. Any one of us is subject to this same issue. If someone wants to hack your arse bad enough, they'll do it. And, it will probably be someone that you cannot prosecute due to their locale.

Good luck in finding the source of that hack Twitter.

And TechCrunch, how much more negative press do you want from the community? This should do it for ya.

7:54 pm on July 15, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:July 29, 2007
posts:1532
votes: 9


Twitter secrets, couldn't he have picked a more juicy target? Just kidding, I hope they catch the thief and send a strong message at his expense.

From experience, divorced people can pose an even bigger threat. A diseased mind easily believes they still have a right to access the ex's life and they know the birth dates and social security numbers needed to bypass most any security measures.

Instead of blocking someone like that it's often best to simply let them in and have measures in place beyond what they expect to track their activities... then when the kids involved are grown up let the ex taste the effects of the law.

9:37 pm on July 15, 2009 (gmt 0)

Full Member

10+ Year Member

joined:June 18, 2004
posts:327
votes: 0


Twitter has contracts with Nokia!?

Nokia Siemens Network has confirmed it supplied Iran with the technology needed to monitor, control, and read local telephone calls.

[news.bbc.co.uk...]

3:39 am on July 16, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 30, 2006
posts:1599
votes: 1


just reminds me why i don't use any social networking sites.
4:45 am on July 16, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:Apr 15, 2009
posts:148
votes: 0


Security questions don't serve any purpose other than making it easier for intruders. If a user lost the account password, just send it to the given email address.
4:53 am on July 16, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 12, 2003
posts:1199
votes: 0


Security questions don't serve any purpose other than making it easier for intruders. If a user lost the account password, just send it to the given email address.

Yes yes yes! I hate that my banks now *force* me to use this "security" feature which only increases vulnerability. In order to thwart that I have to make up answers to the security questions that aren't really true, and then painstakingly store them somewhere else, and then painstakingly look them up when I have to call my credit card company, for example.

Mother's maiden name, what a joke. Like I would give out the key to *all* my accounts everywhere, every time I talk to just *one* provider.

7:46 am on July 16, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 13, 2005
posts:1077
votes: 0


And TechCrunch, how much more negative press do you want from the community? This should do it for ya.

*thumbs up*
2:50 pm on July 16, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 20, 2004
posts:2377
votes: 0


I think this was a publicity stunt between TC and Twitter. Any reasonable person would not be publishing stolen documents and advertising it like a novel they are releasing in chapters.

It is all a big PR stunt by Twitter.

3:41 pm on July 16, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 13, 2005
posts:1077
votes: 0


Hadn't thought of that, but it's an interesting angle, and one where I would not be surprised if it's true.
5:41 pm on July 16, 2009 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22306
votes: 239


>It is all a big PR stunt by Twitter.

If it were, and found to be proven so, it would trash both parties credibility, entirely.

In addition, why would twitter need to do that? Their growth it still going up rapidly.

Methinks anti-cynical meds required. ;)

6:15 pm on July 16, 2009 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


I don't think Twitter is looking for media coverage. But you know TechCrunch is, always.

It's shameful the way TechCrunch has handled this. They have shown poor judgement in the past and this is right in character. they're like the TMZ of Silicon Valley.

7:04 pm on July 16, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 5, 2003
posts:61
votes: 3


I know any publicity is supposed to be good publicity, but security breaches? I don't think so.

This hurts both Twitter and TechCrunch, and at least Twitter doesn't need publicity stunts at the moment, as engine said.

7:12 pm on July 16, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 20, 2004
posts:2377
votes: 0


Maybe you are right. Off to take my anti-cynic meds...

But remember you heard it here first! ;-)

8:51 pm on July 16, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 17, 2002
posts:2251
votes: 0


I'm not a huge fan of TC, but in all fairness to them, their most recent post suggests they did have Twitter's permission to share the documents.

It's important to note that we have been given the green light by Twitter to post this information - They aren't happy about it, but they are able to live with it, they say (more on why they did that in our later post).

I'd provide a link to the article, but we're not generally permitted to post links to blogs here--for good reasons.

8:56 pm on July 16, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 20, 2004
posts:2377
votes: 0


I'm not a huge fan of TC, but in all fairness to them, their most recent post suggests they did have Twitter's permission to share the documents.

Ha! I'm right! ;-)

6:12 am on July 18, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 13, 2005
posts:1077
votes: 0


quick, spit out the pills!
10:07 am on July 18, 2009 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10542
votes: 8


I'm not a huge fan of TC, but in all fairness to them, their most recent post suggests they did have Twitter's permission to share the documents.

not according to this tweet by Evan Williams [twitter.com]!

5:38 pm on July 18, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 17, 2002
posts:2251
votes: 0


I wish I could say that surprises me!

On the other hand, it also suggests plausible deniability. Arrington may have gotten his alleged permission from someone else so that Ev could deny knowing anything about it while still tacitly approving it.

7:45 pm on July 18, 2009 (gmt 0)

Senior Member

joined:Aug 12, 2004
posts:1781
votes: 0


I knew there was a reason I didn't like Twitter....

It's frivilous anyway. The entire concept of Twitter is immature. What did someone have for breakfast this morning? Who's kid got his braces off? Who lost their job and who got one?

I frankly don't care. I get enough of that crap in my own life and I certainly don't wanna read about someone elses BS.

I'm glad they got hacked and I hope they get hacked again.

I also wish I'd have thought of it.... Twitter, I mean...

8:13 am on July 20, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:July 29, 2007
posts:1532
votes: 9


In some cases I think the use of monitoring technology is brilliant.

examples:

#1 - 6 murders in a 6 month timespan go unresolved. Internet logs show that someone looked up all 6 victims online from the same residence just prior to each murder occurring. A murderer is put behind bars thanks to his internet activity that would otherwise have gotten away.

#2 - A fire rages out of control destroying 100 acres, 20 homes and claims 3 victims. Recorded satellite imaging can be used to "rewind" footage of the fire to find it's origin. When the fires starting point is found a vehicle was present, rewind the video further to see that it passed a major traffic intersection. Access the camera at the intersection to gain a license plate number and find the persons residence.

I could go on but you get the idea.

Now, in the examples nobody was being tracked, technology was used to find the bad guy. Recording phone conversation and watching people in their own homes is not the same because privacy is violated and the victim is known in advance.

I hope ALL companies/governments do their best to maintain that distinction (which it appears they have no interest in doing) because you CAN watch without intruding on privacy.

Cameras taking pictures of everyone at a baseball game is fine. Cameras tracking individuals and storing the images in the victims personal file is not fine, privacy was violated.

It's not an easy distinction to make.

9:39 am on July 20, 2009 (gmt 0)

Full Member

5+ Year Member

joined:Dec 2, 2008
posts:222
votes: 0


I'd be very wary about installing 3rd party tools on a Twitter account, as it seems, through my reading of some security blogs, that there is a lot of information that hacker can get to.

It would appear that there needs to be a stronger control of plugins for these SM apps, not just opening up the doors to anyone that know how to program. I know it's a bit off topic, but I thought I would mention it.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members