Hacker break-in of Twitter e-mail yields secret docs - GoFuckYourself.com

Barefootsies · 07-16-2009, 12:20 PM

Quote:

Computerworld - A hacker made off with confidential Twitter documents after breaking into an employee's e-mail account, the company's co-founder confirmed yesterday.

Security experts today said that the breach and theft highlights the problem people have with creating, and then remembering, strong passwords, and the increasing tendency to disclose personal information on services like Twitter and Facebook.

"What it boils down to is that people are lazy and lackadaisical about their personal paranoia," said Andrew Storms, director of security operations at nCircle Network Security. "People should be thinking twice about what they're making public."

The breach occurred about a month ago, said Twitter co-founder Biz Stone, when a hacker calling himself Hacker Croll broke into an administrative assistant's e-mail account, then used that to collect information that let him access the employee's Google Apps account. Twitter workers use the corporate version of Google Apps to share documents and other information within the company.

Hacker Croll then forwarded hundreds of pages of internal Twitter documents to Web sites, including TechCrunch, which in turn has published some and referred to others. Among the finds: Financial projections by Twitter that it will have a billion users, $1.54 billion in revenue and $1.1 billion in net earnings by 2013.

The privately held Twitter does not disclose the current number of users or its financials, but some metrics firms estimate the site has six million unique visitors a month. Documents disclosed by TechCrunch said Twitter was projecting 25 million users by the end of this year.

Stone denied reports that a bug in Google Apps was responsible. "This attack had nothing to do with any vulnerability in Google Apps, which we continue to use," he said in a blog entry yesterday. "This is more about Twitter being in enough of a spotlight that folks who work here can become targets. This was not a hack on the Twitter service, it was a personal attack followed by the theft of private company documents."

Exactly, said security experts today, who put the blame on a combination of online password retrieval systems and people's disclosure of their personal life on social networking services.

"This has nothing to do with cloud computing," said Sam Masiello, vice president of information security at Englewood, Colo.-based MX Logic. "It's about weak passwords that are easily guessable, with a huge contribution from people's habit of putting online information that they wouldn't otherwise share with anyone but their closest friends. It's not hard to crack [password resets] with the information you can find freely available on social networking sites."

Like the breach of Gov. Sarah Palin's Yahoo e-mail account last fall, security researchers guessed that Hacker Croll gained access to the Twitter employee's account using Google's password reset feature, which poses several personal questions to authenticate the user. Hacker Croll likely dug up possible responses by rooting through the Web for details on the assistant, then used those to reset the password to one only he knew.

cont...

http://www.computerworld.com/s/artic..._secret_do cs

TurboAngel · 07-16-2009, 12:50 PM

I posted a pic with my toes and you didn't say a thing.

ShellyCrash · 07-16-2009, 01:07 PM

Quote:

sites, including TechCrunch, which in turn has published some and referred to others. Among the finds: Financial projections by Twitter that it will have a billion users, $1.54 billion in revenue and $1.1 billion in net earnings by 2013.

I highly doubt they will meet those projections. Twitter is a fad site that, unless they start to evolve the UI and take into different directions, I suspect is nearing it's peak.

Barefootsies · 07-16-2009, 01:08 PM

Quote:

Originally Posted by TurboAngel

I posted a pic with my toes and you didn't say a thing.

Where was this?

TurboAngel · 07-16-2009, 01:12 PM

Quote:

Originally Posted by Barefootsies

Where was this?

A puppy thread....

Tom_PM · 07-16-2009, 01:38 PM

I'm sure friendster projected billions by 2013 too. And now people say "friendster? huh?"

JD · 07-16-2009, 02:05 PM

lol... i call bullshit. PR stunt ahoy!

seeandsee · 07-16-2009, 02:08 PM

Quote:

Originally Posted by JD

lol... i call bullshit. PR stunt ahoy!

me too

CYF · 07-16-2009, 09:10 PM

Quote:

Originally Posted by PR_Tom

I'm sure friendster projected billions by 2013 too. And now people say "friendster? huh?"

I was on friendster back in the day

woj · 07-16-2009, 09:31 PM

"Financial projections by Twitter that it will have a billion users, $1.54 billion in revenue and $1.1 billion in net earnings by 2013."

others are 10 to 1 that unless they get bought out, in 4 years no one will remember what twitter is...

spacedog · 07-16-2009, 09:36 PM

I still never used twitter yet.. WTF is it for.. seems fucking retarded.

LiveDose · 07-16-2009, 09:50 PM

Quote:

Originally Posted by JD

lol... i call bullshit. PR stunt ahoy!

Didn't think about that. Interesting point.

rowan · 07-16-2009, 09:56 PM

Interesting that such a large company trusts what could become a future direct competitor (Google) with their application data.

Interesting also that the app logins were not limited to requests coming from the company's IP range.

They should all be issued with those one-time code keyfobs. If you don't have physical possession of the device that displays a unique number (which changes frequently) that you have to enter into the login form, you won't be able to get in.

dav3 · 07-16-2009, 09:57 PM

07-16-2009, 01:38 PM	#6
Tom_PM Porn Meister Industry Role: Join Date: Feb 2005 Posts: 16,443	I'm sure friendster projected billions by 2013 too. And now people say "friendster? huh?" __________________ 43-922-863 Shut up and play your guitar.

07-16-2009, 09:31 PM	#10
woj <&(©¿©)&> Industry Role: Join Date: Jul 2002 Location: Chicago Posts: 47,882	"Financial projections by Twitter that it will have a billion users, $1.54 billion in revenue and $1.1 billion in net earnings by 2013." others are 10 to 1 that unless they get bought out, in 4 years no one will remember what twitter is... __________________ Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000 Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

07-16-2009, 09:57 PM	#14
dav3 Confirmed User Industry Role: Join Date: May 2007 Posts: 7,348	__________________ Webmasters :: Juicy Ads :: ACWM :: Crak Revenue :: Money Tree

07-16-2009, 12:50 PM	#2
TurboAngel H.B.I.C. Industry Role: Join Date: Jun 2003 Location: NC Posts: 30,122	I posted a pic with my toes and you didn't say a thing.

07-16-2009, 02:05 PM	#7
JD Too lazy to set a custom title Industry Role: Join Date: Sep 2003 Posts: 22,651	lol... i call bullshit. PR stunt ahoy!

07-16-2009, 09:36 PM	#11
spacedog Yes that IS me. Bitch. Industry Role: Join Date: Nov 2001 Posts: 14,149	I still never used twitter yet.. WTF is it for.. seems fucking retarded.

07-16-2009, 09:56 PM	#13
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	Interesting that such a large company trusts what could become a future direct competitor (Google) with their application data. Interesting also that the app logins were not limited to requests coming from the company's IP range. They should all be issued with those one-time code keyfobs. If you don't have physical possession of the device that displays a unique number (which changes frequently) that you have to enter into the login form, you won't be able to get in.