A hacker has used a Twitter (www.twitter.com) administrative employee’s personal email account to gain access to company notes, spreadsheets, ideas, financial details and more.
According to blog posts from Twitter and tech news site TechCrunch, about a month ago the “anti-social” hacker, identified as “Hacker Croll,” gained access to the employee’s Google Apps, which Twitter relies on for sharing within the company, giving the intruder access to documents, calendars, and other material. The attack had nothing to do with any vulnerability in Google Apps, but rather stemmed from a lapse in personal security, according to Twitter co-founder Biz Stone.
“This is more about Twitter being in enough of a spotlight that folks who work here can become targets,” Stone wrote in a blog post. “In fact, around the same time, Evan’s wife’s personal email was hacked and from there, the hacker was able to gain access to some of Evan’s personal accounts such as Amazon and PayPal but not email. This isn’t about any flaw in web apps, it speaks to the importance of following good personal security guidelines such as choosing strong passwords.”
It is important to note that the incident was not a hack on the Twitter service, but the theft of private company documents, and no Twitter user accounts were compromised. The documents were downloaded and offered to various blogs and publications including TechCrunch.
Stone notes that what was stolen from Twitter, while private, was not necessarily evidence for a “secret plan for taking over the world,” but rather documents and files that are not yet polished for prime time.
“As [Forbes magazine tech reporter] Peter Kafka put it, this is ‘akin to having your underwear drawer rifled: Embarrassing, but no one’s really going to be surprised about what’s in there.’ That is an apt analogy.”
TechCrunch blogger Michael Arrington, having been privy to the 310 documents, notes that the documents range from executive meeting notes, partner agreements and financial projections to employee meal preferences, calendars and phone logs. “The vast majority of them are somewhat embarrassing to various individuals, but not otherwise interesting,” Arrington writes. “Some documents show floorplans and security passcodes to get into the Twitter offices. We’re not going to post any of those documents. But we are going to release some of the documents showing financial projections, product plans and notes from executive strategy meetings.”