Incident of the Week: French Hacker Compromises Twitter Employee Passwords, Steals Company Documents

This week, Twitter co-founder Evan Williams confirmed that the company has been the victim of an attack that compromised a number of employee personal accounts at Amazon, PayPal and AT&T, employee personal email and Twitter’s internal company documents. The hacker, who goes by the handle “Hacker Croll,” has apparently emailed a collection of 310 internal Twitter documents to TechCrunch, including a presentation for a proposed reality television show called “Final Tweet” and a February 2009 financial forecast. Many are waiting to see what other documents will come to light while TechCrunch negotiates with Twitter’s lawyers.

Postings on the French website claim that Hacker Croll obtained a list of employees, along with employees’ credit card numbers, telephone numbers, meeting reports, time sheets, salary information, confidential Twitter contracts with Microsoft, Nokia, Samsung and other companies, as well as a list of celebrity “High Profile Users.”

Twitter’s Evan Williams stated “This had nothing to do with the security of, and there were no user accounts compromised here.” This was reiterated in Biz Stone’s post on the Twitter blog, appropriately entitled “Twitter, Even More Open Than We Wanted.” Stone notes “This isn’t about any flaw in web apps, it speaks to the importance of following good personal security guidelines such as choosing strong passwords.”

This is not the first time that poor password security has led to a noteworthy breach (see WIRED Magazine’s account of how one hacker used publicly available information to hack into Sarah Palin’s email). This may serve as a good reminder to many of us that we may want to take the time to change our passwords today (and select a combination with at least 6 characters, at least one capital letter and at least one number).


