Twitter is no stranger to damage control. That's what the Twitter Blog is for - giving the microblogging service a platform to spin the news, in more than 140 characters. That's why it was no surprise to find a new blog post up there today discussing the much-tweeted leak of over 300 internal, confidential Twitter documents. In it, Evan Williams confirms what most of us had already suspected: it's not a hoax.

In fact, the details of the security leak are pretty much exactly as the hacker had described them - about a month ago, the hacker successfully targeted a Twitter employee's email account and obtained information that let him gain access to Twitter's 100% cloud-hosted Google Apps account. That gave him access to, well, everything that was up there - and there was apparently quite a bit up there.

Only one Twitter account had its username and password revealed, he said. Williams makes it a point to let people know that it's not a vulnerability with Google Apps, and that it's not a vulnerability of Twitter itself. Which pretty much means that it's a vulnerability of the employee who was storing important information like Google Apps credentials in her email account. A chain is only as strong as its weakest leak, and in this case, that leak appears to have been a single email account with more information in it than any email account should reasonably have.

It's an interesting blog post. Evan Williams manages to work in a thinly-veiled threat of legal action against anyone in possession of, but most especially, anyone circulating, the documents (read: Michael Arrington):

We are in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents. We're not sure yet exactly what the implications are for folks who choose to get involved at this point but when we learn more and are able to share more, we will.

Translation: We're not sure yet whether or not we can threaten you, but as soon as we're sure we can, we're going to threaten you.

Later in the blog post, Williams also references, rather obliquely, the people whose professional lives might be ruined over all of this: the list of people who've interviewed at Twitter over the last several months, many of whom are still in their current positions. When their bosses find out they were interviewing with Twitter behind their backs (personal day my ass!) they'll probably be none too pleased:

Nevertheless, as they were never meant for public communication, publishing these documents publicly could jeopardize relationships with Twitter's ongoing and potential partners. We're doing our best to reach out to these folks and talk over any questions and concerns.

Translation: If you interviewed at Twitter during the last few months, you're totally screwed, and for that, we apologize.

As usual, Williams tries to play down the entire incident, calling it akin to having one's underwear drawer rifled through. That's an apt metaphor, if your underwear drawer is full of 300+ internal, confidential Twitter documents (mine is!).

The plot thickens.

Jul 16, 2009

Comments
Twittown Comments
Submitted by Fernando Celibataire (not verified) on Jul 16, 2009 23:21 says:

Common let's twitt again like we did last summer...! Great post!
