Twitter: Don’t Blame Google for Twitterhack (But Do Be Careful About Publishing Stolen Documents!)
Twitter has weighed in on the hacker who rooted through the company’s files and on the Web sites that published some of the stolen info. The short version: Don’t blame Google for our security problems; we need to use better passwords. But do be careful about publishing hacked data; we’re talking to our lawyers.
In a post from co-founder Biz Stone, the company counsels users that, with the exception of a single account, none of their personal information seems to have been exposed as a result of the hack. But before establishing that, Stone goes out of his way to explain that Twitter’s security problems are Twitter’s security problems, not cloud computing’s security problems or Google’s (GOOG) security problems.
This attack had nothing to do with any vulnerability in Google Apps which we continue to use. This is more about Twitter being in enough of a spotlight that folks who work here can become targets. In fact, around the same time, Evan’s wife’s personal email was hacked and from there, the hacker was able to gain access to some of Evan’s personal accounts such as Amazon and PayPal but not email. This isn’t about any flaw in web apps, it speaks to the importance of following good personal security guidelines such as choosing strong passwords.
That last line seems directed at the likes of analysts like yours truly, who suggested this morning that the hack would raise concerns about the security of services that place work data on shared servers accessed via the Web. (Though the Twitter guys did seem to like my underwear-drawer metaphor. Cool!)
Stone then goes on to rattle a sword, gently but pointedly, at Web sites that have published stuff pilfered by the hacker.
We are in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents. We’re not sure yet exactly what the implications are for folks who choose to get involved at this point but when we learn more and are able to share more, we will.
Note that while it’s easy enough to find this stuff on the Web, only a handful of mainstream Web sites, including TechCrunch, Gawker and Silicon Alley Insider, have published it, and most of what they have published is banal. I’ve asked all three sites for a response to Twitter’s response.
In the meantime, TechCrunch’s Mike Arrington, who has promised to publish more, announces in a new post that he is in the midst of “negotiations” with Twitter’s lawyers about his plans. Happy to hear from a First Amendment specialist, but I don’t think Twitter has a case against Web publishers here; the issue is an ethical one, not a legal one.
UPDATE: Here’s Gawker Editor-in-Chief Gabriel Snyder’s “bring it on” retort:
It’s hilarious to see Twitter, which has become a conduit for real-time, unauthorized information from places like the New York Times’ internal meetings, now get prissy about corporate privacy. Ev Williams seems to have learned a lot about the mores of the institutional elite during his stay in Sun Valley. As for Twitter coming after us for publishing the docs, the only thing I’m upset about is that the leaker didn’t come to us with them first.