Recent Twitter Hack Reveals Humans Are Still Security's Weakest Link

According to a post on Twitter's official company blog on Wednesday, the data of several of the microblogging site's employees was hacked back in May. Although the site itself was not compromised (user accounts are fine), the e-mail and other personal accounts of employee Jason Goldman were exploited. According to TechCrunch, a hacker, who goes by the handle Hacker Croll, gained access to Goldman's personal Yahoo! e-mail account, and from there broke into his Google Apps account at Twitter. Croll also managed to gain access to the company accounts of other employees, including Twitter co-founder Evan Williams. The cyber criminal pillaged these Google Apps accounts, collecting sensitive e-mails, calendar details, documents, and meeting notes.

Some of the documents found their way to TechCrunch, which posted those the site deemed newsworthy (without Twitter's consent, but with its approval). Twitter is, of course, not happy about this -- the documents contained financial forecasts, plans on monetizing the popular service, and even pitches for Twitter-themed reality shows.

First, the breach underscores the necessity of basic security. The hacker didn't use a backdoor or exploit a hole in Google or Yahoo!'s Web-based software. Instead, from the info provided by Twitter, it appears that Croll was able to access the accounts by guessing or resetting the passwords. Seriously.

Twitter relies heavily on cloud-based apps (Web-centric programs such as Google Docs or Web-based e-mail), and these services are becoming increasingly interconnected. Even social Web apps are beginning to share data: Facebook Connect and Google Friend Connect, for example, let you log in to multiple sites with a simple Facebook or Google account, raising the vulnerability of your entire online identity.

The latest Twitter breach is a reminder that the time Google and Microsoft spend plugging product holes and gaps isn't all that effective when users may actually be the weakest link in the chain. While good security may start with picking a strong password, it doesn't end there. These sites offer a quick and easy way to recover or reset your password, usually involving a "secret" question. Sadly, that question is usually something like, "What is your pet's name?" or, "Where did you go to high school?" -- information that could easily be obtained by visiting your Facebook profile.

Therefore, even the Web-savvy aren't immune to bad browsing and security habits. Take some of our advice for building a stronger password and avoid suffering the same fate as the Twitter pros. Though, we're sure TechCrunch would be much less interested in your private e-mails, unless, of course, you happen to be Eric Schmidt. [From: CNET, Reuters, TechCrunch, and Twitter]
