Twittergate: "Most difficult part of Web 2.0 security is the human"


The release of Twitter’s internal documents overnight by a hacker is a potent reminder of how much information we store in the cloud and how vulnerable that data is.

Furthermore, it raises questions about Twitter’s security practices, given that the break-in didn’t happen because of a complicated hacking strategy, but because the hacker got the right answers to password reset questions. Twitter co-founder Biz Stone stressed that the attack didn’t compromise any Twitter accounts and was instead a personal hit on an administrative employee’s and Ev Williams’ wife’s accounts. Twitter said it has performed a security audit and has reminded employees of personal security guidelines.

Although Twitter is largely known as a public platform where people communicate openly, it’s also become a substitute for instant messaging or short e-mails with the direct message function. People use direct message, or “DM” for short, to schedule meet-ups in new cities or to solicit answers to questions from followers.

Twitter has also become an important brand management and marketing tool for companies, so a break-in could leave a company open to potentially destructive tweets to customers. In January, this happened to 33 high-profile accounts, including those belonging to Barack Obama and CNN’s Rick Sanchez.

So what can you do to protect yourself? The difficult part of Web 2.0 security isn’t actually the technical side. It’s the human, said David Marcus, director of security, research & communications at security software maker McAfee.

He had a few pieces of advice:

1. Be careful about what you share: It becomes easier and easier to share personal details without thinking on Twitter. Compiled together, a person’s entire tweet stream can easily reveal where they live.

2. Don’t use your Twitter password for other Web 2.0 services. From a hacker’s perspective, if a password combination works on Twitter it’s probably worth trying elsewhere.

3. Be judicious about the third-party applications you access.

4. If you’re keeping data in the cloud (in any service, e-mail, Twitter or otherwise), do due diligence to make sure that company has good security practices.

