Internal company information from Twitter obtained when a hacker hit the private e-mail accounts of employees has been leaked out on to the Internet. The information ranges from the mundane - employee meal preferences - to Twitter's financial projections.
A hacker has gotten a hold
of Twitter company information after hacking into the personal e-mail account
of an employee.
, who goes by
the nickname "Hacker Croll," sent hundreds of company documents to
TechCrunch and a
French blog called Korben
. The documents range from contracts with
companies such as AOL and Nokia to financial
projections and employee credit card information. TechCrunch
some of the documents, including one pertaining to an idea
for a Twitter TV show called "Final Tweet."
about a month ago an administrative employee had her personal
e-mail account hacked. From the personal account, the attacker was able to gain
information that allowed access to the employee's Google Apps account, which
contained Docs, Calendars and other Google apps Twitter relies on for sharing
notes, spreadsheets and other information within the company.
The stolen documents that
were downloaded and offered to various blogs and publications are not Twitter
user accounts, and no accounts were compromised-except for a screenshot of one
person's account. This was not a hack on the Twitter service; it was a personal
attack followed by the theft of private company documents.
"This attack had nothing
to do with any vulnerability in Google Apps, which we continue to use," Twitter
co-founder Biz Stone wrote in a blog. "This is more about Twitter being in
enough of a spotlight that folks who work here can become targets. ... This isn't
about any flaw in Web apps, it speaks to the importance of following good
such as choosing strong passwords."
The breach follows an incident
when someone operating under the name Hacker Croll gained access
to Twitter's administration panel and posted screenshots of internal data for
accounts belonging to a number of celebrities.
This time around, Hacker
Croll claims to have used password recovery techniques to gain access to the
Paypal, Apple, AT&T, Amazon, MobileMe and Gmail accounts of several Twitter
attack, Twitter has performed a security audit and reminded employees of the
"importance of personal security guidelines," Stone wrote.