Twittergate: "Most difficult part of Web 2.0 security is the human"

The release of Twitter’s internal documents overnight by a hacker is a potent reminder of how much information we store in the cloud and how vulnerable that data is.

Furthermore, it raises questions about Twitter’s security practices, given that the break-in didn’t happen because of a complicated hacking strategy, but because the hacker got the right answers to password reset questions. Twitter co-founder Biz Stone stressed that the attack didn’t compromise any Twitter accounts and was instead a personal hit on an administrative employee’s and Ev Williams’ wife’s accounts. Twitter said it has performed a security audit and has reminded employees of personal security guidelines.

Although Twitter is largely known as a public platform where people communicate openly, it’s also become a substitute for instant messaging or short e-mails with the direct message function. People use direct message, or “DM” for short, to schedule meet-ups in new cities or to solicit answers to questions from followers.

Twitter has also become an important brand management and marketing tool for companies, so a break-in could leave a company open to potentially destructive tweets to customers. In January, this happened to 33 high-profile accounts, including those belonging to Barack Obama and CNN’s Rick Sanchez.

So what can you do to protect yourself? The difficult part of Web 2.0 security isn’t actually the technical side. It’s the human, said David Marcus, director of security, research & communications at security software maker McAfee.

He had a few pieces of advice:

1. Be careful about what you share: It becomes easier and easier to share personal details without thinking on Twitter. Compiled together, a person’s entire tweet stream can easily reveal where they live.

2. Don’t use your Twitter password for other Web 2.0 services. From a hacker’s perspective, if a password combination works on Twitter it’s probably worth trying elsewhere.

3. Be judicious about the third-party applications you access.

4. If you’re keeping data in the cloud (in any service, e-mail, Twitter or otherwise), do due diligence to make sure that company has good security practices.
