Recent Twitter Hack Reveals Humans Are Still Security's Weakest Link
Some of the documents found their way to TechCrunch, which posted those the site deemed newsworthy (without Twitter's consent, but with its approval). Twitter is, of course, not happy about this -- the documents contained financial forecasts, plans on monetizing the popular service, and even pitches for Twitter-themed reality shows.
First, the breach underscores the necessity of basic security. The hacker didn't use a backdoor or exploit a hole in Google or Yahoo!'s Web-based software. Instead, from the info provided by Twitter, it appears that Croll was able to access the accounts by guessing or resetting the passwords. Seriously.
Twitter relies heavily on cloud-based apps (Web-centric programs such as Google Docs or Web-based e-mail), and these services are becoming increasingly interconnected. Even social Web apps are beginning to share data: Facebook Connect and Google Friend Connect, for example, let you log in to multiple sites with a simple Facebook or Google account, raising the vulnerability of your entire online identity.
The latest Twitter breach is a reminder that the time Google and Microsoft spend plugging product holes and gaps isn't all that effective when users may actually be the weakest link in the chain. While good security may start with picking a strong password, it doesn't end there. These sites offer a quick and easy way to recover or reset your password, usually involving a "secret" question. Sadly, that question is usually something like, "What is your pet's name?" or, "Where did you go to high school?" -- information that could easily be obtained by visiting your Facebook profile.
Therefore, even the Web-savvy aren't immune to bad browsing and security habits. Take some of our advice for building a stronger password and avoid suffering the same fate as the Twitter pros. Though, we're sure TechCrunch would be much less interested in your private e-mails, unless, of course, you happen to be Eric Schmidt. [From: CNET, Reuters, TechCrunch, and Twitter]