Twitter calls lawyer over hacking

By Maggie Shiels Technology reporter, BBC News, Silicon Valley

Twitter employees can be a target, said Biz Stone

The microblogging service Twitter is taking legal advice after hundreds of documents were hacked into and published by a number of blogs.

TechCrunch has made public some of the 310 bits of material it was sent.

It posted information about Twitter's financial projections and products.

"We are in touch with our legal counsel about what this theft means for Twitter, the hacker and anyone who accepts...or publishes these stolen documents, " said Twitter's Biz Stone.

In a blog posting he wrote that "About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked.

"From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."

Mr Stone, Twitter's co-founder, went on to stress that "the attack had nothing to do with any vulnerability in Google Apps".

Beyond the issue of journalistic ethics, the whole incident also raises interesting questions about the security of cloud computing Rory Cellan-Jones Read Rory's blog in full

He said this was more to do with "Twitter being in enough of a spotlight that folks who work here can be a target".

In his blog post, Mr Stone underlined the need for increased online security within the company and for staff to ensure their passwords are robust.

It is believed a French hacker who goes by the moniker "Hacker Croll" illegally accessed the files online by guessing staff members' passwords.

"News value"

A number of technology blogs were offered the documents for publication in what is now being dubbed "Twittergate" in some online forums.

TechCrunch, one of the most respected blogs in Silicon Valley, has set off a firestorm of criticism and debate over its decision to post some of the material.

Sensitive documents were hacked

It started things off with what it called a "softball" and published details about a reality TV show involving Twitter. Details of such a programme were made public in May.

That was followed by documents relating to an internal Twitter financial forecast that the company said is no longer accurate.

"There is clearly an ethical line here that we don't want to cross, and the vast majority of these documents aren't going to be published, at least by us.

"But a few of the documents have so much news value that we think it's appropriate to publish them," wrote TechCrunch Editor and founder Michael Arrington

Mr Arrington noted the site received a deluge of comments on the issue and said "many users say this is "stolen" information and therefore shouldn't be published. We disagree.

"We publish confidential information almost every day on TechCrunch. This is stuff that is also "stolen," usually leaked by an employee or someone else close to the company."

The TechCrunch founder cited examples of stories it has covered in the past that involved information it had acquired and also those covered by newspapers like the Wall Street Journal that had done a similar thing.

Mr Arrington said that he has also consulted lawyers about the laws that cover trade secrets and the receipt of stolen goods.

"Embarrassing"

Many in the technology industry said this latest episode points to the potent reminder of how much information is stored in the cloud and the vulnerability or otherwise of that data.

The hacker has claimed to have wanted to teach people to be more careful and in a message to the French blog Korben, wrote that his attack could make internet users "conscious that no one is protected on the net."

Twitter needs to force users to wise up, said one analyst

"The security breach exploited "an easy-to-guess password and recovery question, which is one of the simplest ways to make a username and password combination really insecure," said Phil Wainewright of ZDNet.com

"Unfortunately, users won't wise up until the cloud providers force them to."

In a study last year the security firm Sophos found that 40% of internet users use the same password for every website they access.

The affair has put Google on the defensive because the information was stored in Google Apps, an online package of productivity software that includes email, spreadsheets and calendars.

The company issued a blog post. While it highlighted the need for strong security, it said it could not discuss individual uses or customers.

Twitter's Mr Stone tried to play down the importance of the information being touted around the web.

"Obviously, these docs are not polished or ready for prime time and they're certainly not revealing some big, secret plan for taking over the world.

"This is "akin to having your underwear drawer rifled: Embarrassing, but no one's really going to be surprised about what's in there." That is an apt apology," Mr Stone said.

At the social media blog Mashable, Adam Ostrow agreed.

"It's another embarrassing moment in Twitter's torrid growth, but nothing that's likely to bring the house down."

E-mail this to a friend

Printable version