The Twitter corporate mothership got nailed recently by a hacker who leaked confidential documents. The problem here isn’t so much with the hack itself as with TechCrunch’s decision to publish the documents. They also brought to light the fact that an admin password was set to, you guessed it, password. It becomes less of a wonder as to why their security staffer ended up on the Wall of Sheep last summer at Defcon. But, I digress.
Twitter had this as a response to the hacking incident.
We are in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents. We’re not sure yet exactly what the implications are for folks who choose to get involved at this point but when we learn more and are able to share more, we will.
Now, here is some background on the story.
From San Jose Mercury News:
Twitter was forced to acknowledge the burglary after some of the stolen documents were published by TechCrunch, a popular technology blog in Palo Alto, as well as a French blog called Korben.
Among the documents was an internal financial forecast that Twitter would increase revenues from zero during the first two quarters of this year to $140 million by the end of 2010. By 2013, Twitter projected it would have 1 billion users and make $1.54 billion.
The hacker also claimed to have purloined a salary grid, meeting reports and confidential contracts with Nokia, Samsung, Dell, AOL and Microsoft.
Now, TechCrunch has said that they plan to release some of the aforementioned docs. Not sure I remotely agree with their plan of action. Possession of stolen property and that sort of thing.
From TechCrunch:
Some documents show floorplans and security passcodes to get into the Twitter offices. We’re not going to post any of those documents.
But we are going to release some of the documents showing financial projections, product plans and notes from executive strategy meetings. We’re also going to post the original pitch document for the Twitter TV show that hit the news in May, mostly because it’s awesome.
While I find it mildly amusing that Twitter got nailed using Google Docs, I find it less so that TechCrunch plans to profit from this. A lack of ethics comes to mind.
Cyberdouchery.
I’m willing to bet the new password is “p4ssw0rd” or “password!”….
@brooks
Oh I wasn’t kidding. It was “password” according to the leak article.
The use of “password” as a password did not lead to the documents being stolen. The password was used on the admin interface for the trending topics and other search features. All one could do with access is spam the trending topics. The documents were stolen as a result of an employee’s Gmail account getting compromised. From there “Hacker Croll” was able to glean enough information to compromise other employee Gmail/other accounts.
Perhaps some are unclear on the obligations of a journalist to REPORT information: not CONCEAL said information.
Journalists are often in possession of documents that were obtained by violation of various laws and legal restrictions. Documents regarding Nazi war crimes, internment of Japanese Americans, and various acts of corporate skulduggery come to mind.
A journalist is bound by a code of ethics that requires them to report on information that comes to their attention — regardless of how that information was obtained. For example, the entire Watergate scandal was revealed by “Deep Throat” — who broke various laws to reveal this information — to a reporter. That reporter had an ethical obligation to REPORT that information. The reporter also had an ethical obligation to conceal the source of this information.
The information published by TechCrunch was published under their ethical obligation as a journalist. Without journalists actually doing their jobs, under great duress and pressure, then our ability to have a functioning democracy is under great threat.
TechCrunch has a moral obligation to publish. If they do not publish, they are not journalists, but are corporate lapdogs.
@John
Agreed regarding “password”. Did not assert otherwise.
@nedhayes
“A moral obligation to publish”? Gimmie a fucking break.
The good folks at Wall of Sheep sent this message along that I thought I would share.
I would more so question the sanity of joining the wireless network at Defcon with an iPhone in the first place 🙂
Thanks for sending that in.
cheers,
Dave