Twitter’s Costly Mistake

Talk of Twitter’s recent hacking seems to be all over the news. We mentioned it yesterday, but without much detail. Now, as more information surfaces, the situation becomes more interesting. It is now known that over 300 confidential documents were obtained by the hacker. The documents were stored in Google Apps and were all regarding Twitter business, no users’ information.

Twitter CEO Evan Williams, who was targeted in another hack earlier this year, recently tweeted,

“Tips: Strong passwords; Don’t use the same pw or pattern anywhere; Lie on security questions; Practical way to do this: @1Password or equiv.”

While we’re on the topic of password strength, maybe it’s appropriate to reveal that Twitter’s server (holding tons of information on all employees) had the password, “password.” The word “password” was their idea of an unthinkable, off-the-wall password that no one would be able to crack. That sounds like something my brother would have thought up when he was about 6, claiming it is genius because it is so obvious that others wouldn’t think to try it.

This bad choice in password wasn’t the cause of the huge hacking that is all over the news, but it definitely had the potential to be worse. Everyone in the Twitter office needs to have an intense group security meeting to avoid this situation again.