Google and Twitter Deny Weakness in Google Apps
Both Google and Twitter moved to put the kibosh on these insinuations about Google's account security protocols and the cloud having weak security. Stone added in his post:Google, meanwhile, also addressed the questions about its Google Apps security. Google Engineering Director Macduff Hughes wrote in a blog post:
"This attack had nothing to do with any vulnerability in Google Apps, which we continue to use. This is more about Twitter being in enough of a spotlight that folks who work here can become targets. ... This isn't about any flaw in web apps, it speaks to the importance of following good personal security guidelines such as choosing strong passwords."
Stone also stressed that this was not a hack on Twitter, but a personal attack that led to the theft of private company documents.
"We run our own business on Google Apps, and we're highly invested in providing a high level of security in our products. While we can't discuss individual user or customer cases, we thought we'd try to clear up any confusion by taking some time to explain how account recovery works with various types of Google accounts and by revisiting some tips on how users can help keep their account data secure."Noting that password recovery is one of the more common requests for assistance Google receives from its Gmail users, Hughes said Google recommends security questions and a secondary e-mail address, as well as an option to input a mobile phone number to assist with account recovery. But Hughes said password recovery is another animal altogether for Google Apps, for which there is no password recovery process for individual Google Apps users. Hughes said users must get new passwords from their domain administrator. Pundits were not as diplomatic in their defense of Google and its cloud computing approach. In a post titled "The Twitter hack: Let's not start blaming Google or the cloud," Sam Diaz at ZDNet wrote:
"Sure, maybe Google could come up with a better password-recovery system-but this isn't Google's fault. Bottom line: Twitter used an easy-to-guess password and recovery question. That's how the hacker was able to get in-not because Google has some sort of security hole."GigaOm's Jordan Golson wrote that the issue may be chalked up to companies using poor authentication and password protocols to secure their data.