Hacker break-in of Twitter e-mail yields secret docs

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Barefootsies
    Choice is an Illusion
    • Feb 2005
    • 42635

    #1

    Hacker break-in of Twitter e-mail yields secret docs

    Computerworld - A hacker made off with confidential Twitter documents after breaking into an employee's e-mail account, the company's co-founder confirmed yesterday.

    Security experts today said that the breach and theft highlights the problem people have with creating, and then remembering, strong passwords, and the increasing tendency to disclose personal information on services like Twitter and Facebook.

    "What it boils down to is that people are lazy and lackadaisical about their personal paranoia," said Andrew Storms, director of security operations at nCircle Network Security. "People should be thinking twice about what they're making public."

    The breach occurred about a month ago, said Twitter co-founder Biz Stone, when a hacker calling himself Hacker Croll broke into an administrative assistant's e-mail account, then used that to collect information that let him access the employee's Google Apps account. Twitter workers use the corporate version of Google Apps to share documents and other information within the company.

    Hacker Croll then forwarded hundreds of pages of internal Twitter documents to Web sites, including TechCrunch, which in turn has published some and referred to others. Among the finds: Financial projections by Twitter that it will have a billion users, $1.54 billion in revenue and $1.1 billion in net earnings by 2013.

    The privately held Twitter does not disclose the current number of users or its financials, but some metrics firms estimate the site has six million unique visitors a month. Documents disclosed by TechCrunch said Twitter was projecting 25 million users by the end of this year.

    Stone denied reports that a bug in Google Apps was responsible. "This attack had nothing to do with any vulnerability in Google Apps, which we continue to use," he said in a blog entry yesterday. "This is more about Twitter being in enough of a spotlight that folks who work here can become targets. This was not a hack on the Twitter service, it was a personal attack followed by the theft of private company documents."

    Exactly, said security experts today, who put the blame on a combination of online password retrieval systems and people's disclosure of their personal life on social networking services.

    "This has nothing to do with cloud computing," said Sam Masiello, vice president of information security at Englewood, Colo.-based MX Logic. "It's about weak passwords that are easily guessable, with a huge contribution from people's habit of putting online information that they wouldn't otherwise share with anyone but their closest friends. It's not hard to crack [password resets] with the information you can find freely available on social networking sites."

    Like the breach of Gov. Sarah Palin's Yahoo e-mail account last fall, security researchers guessed that Hacker Croll gained access to the Twitter employee's account using Google's password reset feature, which poses several personal questions to authenticate the user. Hacker Croll likely dug up possible responses by rooting through the Web for details on the assistant, then used those to reset the password to one only he knew.

    cont...
    http://www.computerworld.com/s/artic...ds_secret_docs
    Should You Email Your Members?

    Link1 | Link2 | Link3

    Enough Said.

    "Would you rather live like a king for a year or like a prince forever?"
  • TurboAngel
    H.B.I.C.
    • Jun 2003
    • 30122

    #2
    I posted a pic with my toes and you didn't say a thing.

    Comment

    • ShellyCrash
      Confirmed User
      • Jun 2004
      • 6708

      #3
      sites, including TechCrunch, which in turn has published some and referred to others. Among the finds: Financial projections by Twitter that it will have a billion users, $1.54 billion in revenue and $1.1 billion in net earnings by 2013.
      I highly doubt they will meet those projections. Twitter is a fad site that, unless they start to evolve the UI and take into different directions, I suspect is nearing it's peak.

      Start making money with the hottest hookup site!
      up to $55 PPS or up to 75% Revshare
      ICQ 196766477

      Comment

      • Barefootsies
        Choice is an Illusion
        • Feb 2005
        • 42635

        #4
        Originally posted by TurboAngel
        I posted a pic with my toes and you didn't say a thing.

        Where was this?
        Should You Email Your Members?

        Link1 | Link2 | Link3

        Enough Said.

        "Would you rather live like a king for a year or like a prince forever?"

        Comment

        • TurboAngel
          H.B.I.C.
          • Jun 2003
          • 30122

          #5
          Originally posted by Barefootsies
          Where was this?
          A puppy thread....



          Comment

          • Tom_PM
            Porn Meister
            • Feb 2005
            • 16443

            #6
            I'm sure friendster projected billions by 2013 too. And now people say "friendster? huh?"
            43-922-863 Shut up and play your guitar.

            Comment

            • JD
              Too lazy to set a custom title
              • Sep 2003
              • 22651

              #7
              lol... i call bullshit. PR stunt ahoy!

              Comment

              • seeandsee
                Check SIG!
                • Mar 2006
                • 50945

                #8
                Originally posted by JD
                lol... i call bullshit. PR stunt ahoy!
                me too
                BUY MY SIG - 50$/Year

                Contact here

                Comment

                • CYF
                  Coupon Guru
                  • Mar 2009
                  • 10973

                  #9
                  Originally posted by PR_Tom
                  I'm sure friendster projected billions by 2013 too. And now people say "friendster? huh?"
                  I was on friendster back in the day
                  Webmaster Coupons Coupons and discounts for hosting, domains, SSL Certs, and more!
                  AmeriNOC Coupons | Certified Hosting Coupons | Hosting Coupons | Domain Name Coupons

                  Comment

                  • woj
                    <&(©¿©)&>
                    • Jul 2002
                    • 47882

                    #10
                    "Financial projections by Twitter that it will have a billion users, $1.54 billion in revenue and $1.1 billion in net earnings by 2013."


                    others are 10 to 1 that unless they get bought out, in 4 years no one will remember what twitter is...
                    Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
                    Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
                    Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

                    Comment

                    • spacedog
                      Yes that IS me. Bitch.
                      • Nov 2001
                      • 14149

                      #11
                      I still never used twitter yet.. WTF is it for.. seems fucking retarded.

                      Comment

                      • LiveDose
                        Show Yer Tits!
                        • Feb 2002
                        • 25792

                        #12
                        Originally posted by JD
                        lol... i call bullshit. PR stunt ahoy!
                        Didn't think about that. Interesting point.

                        Scammer Alert: acer19 acer [email protected] [email protected] Money stolen using PayPal

                        Comment

                        • rowan
                          Too lazy to set a custom title
                          • Mar 2002
                          • 17393

                          #13
                          Interesting that such a large company trusts what could become a future direct competitor (Google) with their application data.

                          Interesting also that the app logins were not limited to requests coming from the company's IP range.

                          They should all be issued with those one-time code keyfobs. If you don't have physical possession of the device that displays a unique number (which changes frequently) that you have to enter into the login form, you won't be able to get in.

                          Comment

                          • dav3
                            Confirmed User
                            • May 2007
                            • 7348

                            #14
                            Webmasters :: Juicy Ads :: ACWM :: Crak Revenue :: Money Tree

                            Comment

                            Working...