Twittergate? Twitter employee hacked and loses hundreds of documents
By Simon Thorpe on Jul 15, 2009
News broke this month about the hacking of Twitter CEO Evan Williams's email account. His wife and two other Twitter employees also had email accounts hacked. As a result the hacker, French in origin, was able to access numerous documents containing information about a reality TV show involving Twitter, financial forecast documents (although they claim no longer current), wage information, credit card details and many others. He then offered these documents to different sources one of which was TechCrunch, a well respected Silicon Valley site. They made the brave choice to publish these documents and have caused widespread debate with many calling the incident Twittergate.
This obviously raises the issue of the documents security. The Wall Street Journal comments that, "Bloggers and tech experts are debating not only the ethics of airing the files, but also how the hacker got the information. Was it Google's password-recovery system? "That would mean this isn't a 'cloud' privacy issue," wrote GigaOm's Om Malik. "Rather it would be an issue of companies using poor authentication and password protocols to secure their data."
In Mr. Williams blog post about the issue he wrote that "It was a good lesson for us that we are being targeted because we work for Twitter. We have taken extra steps to increase our security, but we know we can never be entirely comfortable with what we share via email."
This incident raises the issue about storing sensitive information in the cloud. A few months ago Google accidentally exposed access to their online document services. Although this recent incident was in no way a result of problems with Google security, it does highlight that putting your important documents in the hands of others and using poor security to protect your own information systems is asking for trouble.
The BBC News website commented that "Many in the technology industry said this latest episode points to the potent reminder of how much information is stored in the cloud and the vulnerability or otherwise of that data.".
With people storing sensitive documents out in the cloud networks, it is even more important that any security affects the document itself, not the place of storage. It isn't good enough to rely on the security implemented by others such as Google, mistakes happen and leaks occur. Oracle IRM can provide this persistent security by securing the document and so no matter where you store it nor where it is stolen from, your ability to control access to the information remains where ever that document resides! Hmm I think i'll just go and tweet this...