Twitter pillaged: Hacker accesses email of Twitter employees, and tells all

July 15, 2009 | Matt Marshall | Comments | |

twitter-confidentialA person going by the name of Hacker Croll has distributed hundreds of private documents they obtained from hacking into the private email of Twitter employees.

Much of the material is being distributed by TechCrunch and other sources. The action, which includes the release of 310 documents ranging from executive meeting notes, partner agreements and financial projections, amount to a corporate pillage that shows how important security plays now in the Internet age. Our writer Dean Takahashi has continued to write about how easy it is to hack email, web sites, and other electronic information (in fact Dean even built his own hacker software), but many people shirk taking extra security measures. To some extent, it’s human nature: Implementing security measures takes time and resources, and you’re never quite sure what the payoff will be.

But the attack is more significant for Twitter, because of the implications it could have for the millions of Twitter users. Increasingly, they’re using Twitter to send personal messages (using “direct message”), which are not intended for public consumption. Indeed, Twitter has been expanding to essentially become an email-like dashboard for some users — you can use it as a proxi instant messaging service. Your dirty secrets being revealed on the Internet by some ruthless hacker could become your biggest nightmare.

The latest incident may have started back in May, when there were reports that Twitter was hacked by someone who got into the accounts of several Twitter employees and then accessed the Twitter accounts of celebrities such as Britney Spears and Ashton Kutcher. The hacker posted screen shots of the accounts on a French message board, and they’ve surfaced more recently here (with translation here).

However, in a response to a inquiry by TechCrunch yesterday, Twitter co-founder Ev Williams suggests that the latest hack may have been unrelated to the May attack, saying it didn’t include getting access to Twitter accounts — but his response wasn’t entirely clear on that.

Here’s what he did concede: The email of an administrative employee was compromised, as was Williams’ wife’s Gmail account, which is where Williams says the Hacker got access to some of his credit cards and other information. The hacker also got into “a couple” other employees personal accounts (including Amazon, AT&T, Paypal and more):

In general, most of the sensitive information was personal rather than company-related. Obviously, this was highly distressing to myself, my wife, and other Twitter employees who were attacked. It was a good lesson for us that we are being targeted because we work for Twitter. We have taken extra steps to increase our security, but we know we can never be entirely comfortable with what we share via email.

The released documents also included stuff from meal preferences, calendars and phone logs of various Twitter employees, to more strategic projections such as plans for Twitter’s reality TV show, the Final Tweet. TechCrunch said it would not release a bunch of other documents that would be highly distressing, such as emails with details about prospective employees who had interviewed for jobs at Twitter but had remained at their existing jobs.

Other blogs such as Mashable have stated that they will not be publishing this information.

Next Story: New funds puff up Cloud9 for business intelligence software
Previous Story: Attend GigaOM’S Mobilize 09: The Mobile Web Conference

Bookmark and Share

Photo of Matt Marshall

About the Author, Matt Marshall

Matt Marshall is editor and CEO of VentureBeat. Follow him on Twitter at @mmarshall, and follow VentureBeat on Twitter at @venturebeat.

  • You might reconsider describing this situation as a 'rape'. Seems a bit unseemly to dilute the power and meaning of the word just to pull folks in to a twitterpocalyspe post.
  • Good one Matt! shared on Tw.acc

    Btw what's this at the end?

    <\/script>"); } //OBEND:do_NOT_remove_this_comment //-->

    ?
  • Will Anderson
    Agreed. It trivializes the violence and brutality of rape. I'd take it out as it is offensive.
  • Sonia
    I agree with the other comments about the misuse of the word "rape" in the title. This story has nothing to do with rape and it's wrong to just throw that word in an article title just to get people to read it. It's disgusting in fact. If you want to become a respectable journalist/writer - you should know better.
  • Scott
    Rape? Why call a case of electronic theft rape? Is this VentureBeat or the New York Post? Give me a break!
  • bloggeruy
    Yeah... rape seems too much for a word.
    Satellite TV for PC
  • i think the word 'rape' very much describes what happened. in fact, it's a rape that is being transmitted live worldwide. How would you like it if your love letters were all around the world?

    Wouldn't it be nice to see bloggers making a move to refrain from publishing this information? I know there will always be someone somewhere who will bring this info online, but the popular blogs community can help by suppressing the issue. After all it's one or more persons' private life that deserves to be protected.

    The NYT recently did that for their kidnapped journalist. Why does everyone suddenly wants to have access to Ev Williams' life?
  • Folks, I've changed the headline.

    "Rape" occurred to me instantly when reading the reports, because it was a very painful violation of a company that is going to leave it scarred.

    But realize it's a sensitive term, so making the switch.
  • Though I hate to say this, I have to agree with Arrington on this particular issue. Here are my thoughts:
    http://linjamie.com/2009/07/15/why-michael-arri...
  • james
    Great! Yes, rape is a sensitive word for this article.

    internet marketing