informa
3 min read
article

Hacker Stole Internal Twitter Documents In Targeted Attack On Employee

Twitter co-founder blames weak passwords, likens incident to 'underwear drawer' being rifled through, while experts question internal security controls
It's been a rough security month for Twitter: First, there was the launch of the Month of Twitter Bugs, exposing flaws daily in third-party apps for the social networking site, followed by the Koobface worm infection, which is still spreading -- and now closer to home comes the revelation that an attacker stole hundreds of internal documents after reportedly hijacking a user's email account.

Twitter co-founder Biz Stone said in a blog post yesterday that one of the company's administrative employees was targeted last month by a hack that resulted in confidential documents about the company's business being stolen.

Some of the stolen documents, including meeting notes, partner agreements, financial projections, and phone logs of some Twitter employees, were published by TechCrunch, which was sent the information by the attacker, who calls himself "Hacker Croll."

Another attack around the same time targeted Twitter founder Evan Williams via his wife's personal email account, ultimately leading to the founder's Amazon and PayPal accounts, according to Stone. No Twitter user accounts were affected in the attacks, according to Stone.

The breaches raised cloud security questions since the information was stored in Google Apps, the application service used by Twitter, but Stone said Twitter's breach was about weak passwords and targeted attacks, not cloud-based apps: "This isn't about any flaw in web apps, it speaks to the importance of following good personal security guidelines such as choosing strong passwords," he blogged.

After the admin's personal email was hacked, "we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company," Stone blogged. "This attack had nothing to do with any vulnerability in Google Apps which we continue to use. This is more about Twitter being in enough of a spotlight that folks who work here can become targets."

Hacker Croll, who reportedly wanted to make a point that no one is safe on the Internet, and to teach users to be careful online, is said to have used Gmail's password recovery feature to grab the Twitter admin's email credentials.

Amit Klein, Web security researcher for Trusteer, says while the details of how the attacker then ended up with access to Twitter's apps and documents are unclear, the fact that he went from hijacking the admin's Gmail account to breaching the other systems is a red flag. "The organization needs to take a closer look at their overall security for accessing such apps and make sure credentials can't be phished," Klein says.

Steve Moyle, founder and CTO of Secerno, says while the breach at first glance appeared to be a cloud security failure, it's really "an exploit of the password recovery system and other features of Google apps."

The breach is more about password protection failures -- and it could have happened in a noncloud, traditional application, Moyle says.

Meanwhile, Twitter's Stone emphasized that the stolen documents represented only a small portion of the shared communication among its employees and didn't reveal any earth-shattering strategies. "As Peter Kafka put it, this is 'akin to having your underwear drawer rifled: Embarrassing, but no one's really going to be surprised about what's in there,'" he blogged.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.