The hacker claims to have private documents including confidential contracts with Nokia, Samsung, Dell, AOL, Microsoft; the resumes of people who have applied to work at Twitter; personal information about Twitter employees including credit card numbers; future business plans and floor plans and security codes for Twitter’s offices.
The hacker apparently broke into the Internet accounts of various Twitter employees, including Evan Williams, Twitter’s chief executive, as well as Mr. Williams’ wife, who does not work for Twitter, and two Twitter employees. He claims to have accessed Google Apps, Gmail, PayPal, Amazon, Apple, AT&T and MobileMe accounts.
Biz Stone wrote on the Twitter company blog [blog.twitter.com]:
We are in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents.
...as they were never meant for public communication, publishing these documents publicly could jeopardize relationships with Twitter's ongoing and potential partners. We're doing our best to reach out to these folks and talk over any questions and concerns.
Instead of circumventing any actual security measures, the hacker managed to correctly answer the personal questions that some Internet sites ask when users need to reset their passwords.
Illustrating that the weakest link in online security can be the user's lack of diligence and unpredictability.
As they were never meant for public communication, publishing these documents publicly could jeopardize relationships with Twitter's ongoing and potential partners. We're doing our best to reach out to these folks and talk over any questions and concerns.
That's a pretty strong message right there. I saw the original Admin Docs posted back in 2009 April. They are still available. If that person were smart, they'd probably make them unavailable after the above statement.
What a bummer. Any one of us is subject to this same issue. If someone wants to hack your arse bad enough, they'll do it. And, it will probably be someone that you cannot prosecute due to their locale.
Good luck in finding the source of that hack, Twitter.
And TechCrunch, how much more negative press do you want from the community? This should do it for ya.
From experience, divorced people can pose an even bigger threat. A diseased mind easily believes they still have a right to access the ex's life and they know the birth dates and social security numbers needed to bypass most any security measures.
Instead of blocking someone like that it's often best to simply let them in and have measures in place beyond what they expect to track their activities... then when the kids involved are grown up let the ex taste the effects of the law.
Security questions don't serve any purpose other than making it easier for intruders. If a user lost the account password, just send it to the given email address.
Yes yes yes! I hate that my banks now *force* me to use this "security" feature which only increases vulnerability. In order to thwart that I have to make up answers to the security questions that aren't really true, and then painstakingly store them somewhere else, and then painstakingly look them up when I have to call my credit card company, for example.
Mother's maiden name, what a joke. Like I would give out the key to *all* my accounts everywhere, every time I talk to just *one* provider.
If it were, and found to be proven so, it would trash both parties' credibility, entirely.
In addition, why would Twitter need to do that? Their growth is still going up rapidly.
Methinks anti-cynical meds required. ;)
It's shameful the way TechCrunch has handled this. They have shown poor judgement in the past and this is right in character. They're like the TMZ of Silicon Valley.
It's important to note that we have been given the green light by Twitter to post this information - They aren't happy about it, but they are able to live with it, they say (more on why they did that in our later post).
I'd provide a link to the article, but we're not generally permitted to post links to blogs here--for good reasons.
I'm not a huge fan of TC, but in all fairness to them, their most recent post suggests they did have Twitter's permission to share the documents.
Not according to this tweet by Evan Williams [twitter.com]!
On the other hand, it also suggests plausible deniability. Arrington may have gotten his alleged permission from someone else so that Ev could deny knowing anything about it while still tacitly approving it.
It's frivolous anyway. The entire concept of Twitter is immature. What did someone have for breakfast this morning? Whose kid got his braces off? Who lost their job and who got one?
I frankly don't care. I get enough of that crap in my own life and I certainly don't wanna read about someone else's BS.
I'm glad they got hacked and I hope they get hacked again.
I also wish I'd have thought of it.... Twitter, I mean...
#1 - 6 murders in a 6 month timespan go unresolved. Internet logs show that someone looked up all 6 victims online from the same residence just prior to each murder occurring. A murderer is put behind bars thanks to his internet activity that would otherwise have gotten away.
#2 - A fire rages out of control destroying 100 acres, 20 homes and claims 3 victims. Recorded satellite imaging can be used to "rewind" footage of the fire to find its origin. When the fire's starting point is found a vehicle was present, rewind the video further to see that it passed a major traffic intersection. Access the camera at the intersection to gain a license plate number and find the person's residence.
I could go on but you get the idea.
Now, in the examples nobody was being tracked, technology was used to find the bad guy. Recording phone conversation and watching people in their own homes is not the same because privacy is violated and the victim is known in advance.
I hope ALL companies/governments do their best to maintain that distinction (which it appears they have no interest in doing) because you CAN watch without intruding on privacy.
Cameras taking pictures of everyone at a baseball game is fine. Cameras tracking individuals and storing the images in the victim's personal file is not fine, privacy was violated.
It's not an easy distinction to make.
It would appear that there needs to be a stronger control of plugins for these SM apps, not just opening up the doors to anyone that knows how to program. I know it's a bit off topic, but I thought I would mention it.