15 Jul 2009
A recent system hack targeting a Twitter employee has led to a major data breach at the micro-blogging site.
Twitter co-founder Biz Stone said on Wednesday that the breach exposed a number of internal documents, but that no information regarding account credentials for the Twitter service itself was compromised.
The incident began in May when a French hacker known as 'Hacker Croll' broke into the email account of a Twitter executive, and gained access to a number of documents through the company's Google Apps account.
Earlier this week, the hacker began releasing the documents to a number of news outlets. The items reportedly include information from company meetings, plans for a television programme and details on the security systems at Twitter's headquarters.
Stone assured Twitter users in a blog post that no account information was among the stolen data.
"It's important to note that the stolen documents which were downloaded and offered to various blogs and publications are not Twitter user accounts, nor were any user accounts compromised except for a screenshot of one person's account and we contacted that person and recommended changing their password," he wrote.
"This was not a hack on the Twitter service. It was a personal attack followed by the theft of private company documents."
This is not really about the innate security or insecurity of cloud computing...
...it's about password security. This hack can happen to any enterprise that makes web-based email available. Organisations must enforce strong password policy and force their employees to make regular password changes on email accounts. Employees often demand web-based access to email, and web-based access to email greatly increases the utility of corporate email, but proper security policies should be in place to minimise the risks. Enterprises should enforce "strong" password policies as well as regular password changes. I'm not sure if the "enterprise" version of Google Apps has such a feature to enforce such policies, but it should. For extra security, webmail can be protected by two-factor authentication (e.g. not just a password, but also a USB token or similar). Many enterprises already do this, though many do not. Email continues to be the de-facto filing and file transfer system in the enterprise. It's nearly impossible to change this behaviour, but as the Twitter hack shows, a massive amount of confidential information resides in the email system. Adopting an easy-to-use solution for secure file transfer (to send files that are large, or contain confidential information) and encouraging employees to use it, can help solve this problem.
Posted by: Keith Crosley, director of market development at email security firm Proofpoint 17 Jul 2009