Instead of circumventing any actual security measures, the hacker managed to correctly answer the personal questions that some Internet sites ask when users need to reset their passwords.

Illustrating that the weakest link in online security can be the user's lack of diligence and unpredictability.

As they were never meant for public communication, publishing these documents publicly could jeopardize relationships with Twitter's ongoing and potential partners. We're doing our best to reach out to these folks and talk over any questions and concerns.

That's a pretty strong message right there. I saw the original Admin Docs posted back in 2009 April. They are still available. If that person were smart, they'd probably make them unavailable after the above statement.

What a bummer. Any one of us is subject to this same issue. If someone wants to hack your arse bad enough, they'll do it. And, it will probably be someone that you cannot prosecute due to their locale.

Good luck in finding the source of that hack Twitter.

And TechCrunch, how much more negative press do you want from the community? This should do it for ya.

Twitter secrets, couldn't he have picked a more juicy target? Just kidding, I hope they catch the thief and send a strong message at his expense.

From experience, divorced people can pose an even bigger threat. A diseased mind easily believes they still have a right to access the ex's life and they know the birth dates and social security numbers needed to bypass most any security measures.

Instead of blocking someone like that it's often best to simply let them in and have measures in place beyond what they expect to track their activities... then when the kids involved are grown up let the ex taste the effects of the law.

Twitter has contracts with Nokia!?

Nokia Siemens Network has confirmed it supplied Iran with the technology needed to monitor, control, and read local telephone calls.

[news.bbc.co.uk...]

just reminds me why i don't use any social networking sites.

Security questions don't serve any purpose other than making it easier for intruders. If a user lost the account password, just send it to the given email address.

Security questions don't serve any purpose other than making it easier for intruders. If a user lost the account password, just send it to the given email address.

Yes yes yes! I hate that my banks now *force* me to use this "security" feature which only increases vulnerability. In order to thwart that I have to make up answers to the security questions that aren't really true, and then painstakingly store them somewhere else, and then painstakingly look them up when I have to call my credit card company, for example.

Mother's maiden name, what a joke. Like I would give out the key to *all* my accounts everywhere, every time I talk to just *one* provider.

And TechCrunch, how much more negative press do you want from the community? This should do it for ya.

*thumbs up*

I think this was a publicity stunt between TC and Twitter. Any reasonable person would not be publishing stolen documents and advertising it like a novel they are releasing in chapters.

It is all a big PR stunt by Twitter.

Hadn't thought of that, but it's an interesting angle, and one where I would not be surprised if it's true.

>It is all a big PR stunt by Twitter.

If it were, and found to be proven so, it would trash both parties credibility, entirely.

In addition, why would twitter need to do that? Their growth it still going up rapidly.

Methinks anti-cynical meds required. ;)

I don't think Twitter is looking for media coverage. But you know TechCrunch is, always.

It's shameful the way TechCrunch has handled this. They have shown poor judgement in the past and this is right in character. they're like the TMZ of Silicon Valley.

I know any publicity is supposed to be good publicity, but security breaches? I don't think so.

This hurts both Twitter and TechCrunch, and at least Twitter doesn't need publicity stunts at the moment, as engine said.

Maybe you are right. Off to take my anti-cynic meds...

But remember you heard it here first! ;-)

I'm not a huge fan of TC, but in all fairness to them, their most recent post suggests they did have Twitter's permission to share the documents.

It's important to note that we have been given the green light by Twitter to post this information - They aren't happy about it, but they are able to live with it, they say (more on why they did that in our later post).

I'd provide a link to the article, but we're not generally permitted to post links to blogs here--for good reasons.

I'm not a huge fan of TC, but in all fairness to them, their most recent post suggests they did have Twitter's permission to share the documents.

Ha! I'm right! ;-)

quick, spit out the pills!

I'm not a huge fan of TC, but in all fairness to them, their most recent post suggests they did have Twitter's permission to share the documents.

not according to this tweet by Evan Williams [twitter.com]!

I wish I could say that surprises me!

On the other hand, it also suggests plausible deniability. Arrington may have gotten his alleged permission from someone else so that Ev could deny knowing anything about it while still tacitly approving it.

I knew there was a reason I didn't like Twitter....

It's frivilous anyway. The entire concept of Twitter is immature. What did someone have for breakfast this morning? Who's kid got his braces off? Who lost their job and who got one?

I frankly don't care. I get enough of that crap in my own life and I certainly don't wanna read about someone elses BS.

I'm glad they got hacked and I hope they get hacked again.

I also wish I'd have thought of it.... Twitter, I mean...

In some cases I think the use of monitoring technology is brilliant.

examples:

#1 - 6 murders in a 6 month timespan go unresolved. Internet logs show that someone looked up all 6 victims online from the same residence just prior to each murder occurring. A murderer is put behind bars thanks to his internet activity that would otherwise have gotten away.

#2 - A fire rages out of control destroying 100 acres, 20 homes and claims 3 victims. Recorded satellite imaging can be used to "rewind" footage of the fire to find it's origin. When the fires starting point is found a vehicle was present, rewind the video further to see that it passed a major traffic intersection. Access the camera at the intersection to gain a license plate number and find the persons residence.

I could go on but you get the idea.

Now, in the examples nobody was being tracked, technology was used to find the bad guy. Recording phone conversation and watching people in their own homes is not the same because privacy is violated and the victim is known in advance.

I hope ALL companies/governments do their best to maintain that distinction (which it appears they have no interest in doing) because you CAN watch without intruding on privacy.

Cameras taking pictures of everyone at a baseball game is fine. Cameras tracking individuals and storing the images in the victims personal file is not fine, privacy was violated.

It's not an easy distinction to make.

I'd be very wary about installing 3rd party tools on a Twitter account, as it seems, through my reading of some security blogs, that there is a lot of information that hacker can get to.

It would appear that there needs to be a stronger control of plugins for these SM apps, not just opening up the doors to anyone that know how to program. I know it's a bit off topic, but I thought I would mention it.