Twitter Security Breach Reveals Confidential Company Documents

A French hacker broke into the email accounts of Twitter executives and employees, and now the cyber snoop is leaking business and personal info about company leaders to TechCrunch, an American blog, and Korben, a French blog. The hacker reportedly guessed passwords and gained access to several Gmail accounts, as well as accounts with Google Docs, PayPal, and other services. TechCrunch received a compressed zip file of 310 confidential documents,

including a complete Twitter employee list and salary information; food preferences of Twitter employees; confidential contracts with companies such as Nokia, Samsung, Dell, AOL, Microsoft, and others; a contact list of notable Web and entertainment personalities; meeting reports; [and] applicant resumes [PC World].

One document leaked to TechCrunch by the hacker, who goes by the name Hacker Croll, was a chart of business projections for the coming year. The company appears to be doing well: Twitter expected their first revenue to come in Q3 2009 (which is now). A modest $400,000 was expected, followed by a more robust $4 million in Q4. The document also shows Twitter’s projected user growth (25 million by the end of 2009), which it has absolutely blown through alre

Now it's up to the site to decide what information to publish. Thus far, TechCrunch has decided not to release anything that is personally embarrassing. Still, under the philosophy “News is what somebody somewhere wants to suppress; all the rest is advertising,” the site will release documents it considers relevant to the company. These include notes from executive meetings, the original pitch for a Twitter TV show, and certain company financial information.

ady. By the end of 2010, Twitter expected to be at a $140 million revenue run rate [TechCrunch]

. This attack apparently is not related to the one in April, in which a hacker, who also went by the name of Hacker Croll, gained control of the administrative functions on Twitter's web site, along with the accounts of some famous Twitter users. Still, even if TechCrunch doesn't publish some of the leaked documents out of ethical discretion, that doesn't mean the docs are gone forever. Some experts say it's only a matter of time before the information circulates on the Web.

The word is out, the documents are out there and easy to find, and there are so many of them that it’s hard to imagine that Twitter’s security as a whole – the service, the company, the people behind it – hasn’t been severely compromised in the last couple of months. Twitter’s laundry – dirty or not – is out there for anyone to see [Mashable].

In a written statement, Hacker Croll said he hoped the attack would bring attention to the need for greater vigilance about the information people put on the Web.

“Security starts with simple things like the secret questions, whose utility many people ignore, and the impact that that can have on their private lives if a pirate was able to circumvent them,” he wrote [The New York Times]. Perhaps it worked: Twitter's chief executive Evan Williams told TechCrunch, “It was a good lesson for us that we are being targeted because we work for Twitter. We have taken extra steps to increase our security, but we know we can never be entirely comfortable with what we share via email.”

[The New York Times].

Image: flickr / Mykl Roventine