A person going by the name of Hacker Croll has distributed hundreds of private documents they obtained from hacking into the private email of Twitter employees.
Much of the material is being distributed by TechCrunch and other sources. The action, which includes the release of 310 documents ranging from executive meeting notes, partner agreements and financial projections, amount to a corporate pillage that shows how important security plays now in the Internet age. Our writer Dean Takahashi has continued to write about how easy it is to hack email, web sites, and other electronic information (in fact Dean even built his own hacker software), but many people shirk taking extra security measures. To some extent, it’s human nature: Implementing security measures takes time and resources, and you’re never quite sure what the payoff will be.
But the attack is more significant for Twitter, because of the implications it could have for the millions of Twitter users. Increasingly, they’re using Twitter to send personal messages (using “direct message”), which are not intended for public consumption. Indeed, Twitter has been expanding to essentially become an email-like dashboard for some users — you can use it as a proxi instant messaging service. Your dirty secrets being revealed on the Internet by some ruthless hacker could become your biggest nightmare.
The latest incident may have started back in May, when there were reports that Twitter was hacked by someone who got into the accounts of several Twitter employees and then accessed the Twitter accounts of celebrities such as Britney Spears and Ashton Kutcher. The hacker posted screen shots of the accounts on a French message board, and they’ve surfaced more recently here (with translation here).
However, in a response to a inquiry by TechCrunch yesterday, Twitter co-founder Ev Williams suggests that the latest hack may have been unrelated to the May attack, saying it didn’t include getting access to Twitter accounts — but his response wasn’t entirely clear on that.
Here’s what he did concede: The email of an administrative employee was compromised, as was Williams’ wife’s Gmail account, which is where Williams says the Hacker got access to some of his credit cards and other information. The hacker also got into “a couple” other employees personal accounts (including Amazon, AT&T, Paypal and more):
In general, most of the sensitive information was personal rather than company-related. Obviously, this was highly distressing to myself, my wife, and other Twitter employees who were attacked. It was a good lesson for us that we are being targeted because we work for Twitter. We have taken extra steps to increase our security, but we know we can never be entirely comfortable with what we share via email.
The released documents also included stuff from meal preferences, calendars and phone logs of various Twitter employees, to more strategic projections such as plans for Twitter’s reality TV show, the Final Tweet. TechCrunch said it would not release a bunch of other documents that would be highly distressing, such as emails with details about prospective employees who had interviewed for jobs at Twitter but had remained at their existing jobs.
Other blogs such as Mashable have stated that they will not be publishing this information.