The world learned a lot about Twitter this week. The most important takeaway: the company doesn’t use the best passwords.
A hacker broke into a Twitter employee’s email account in May. From there he was able to access the company’s Google Apps account, where Twitter shares notes, spreadsheets and financial data within the company. This week, the information started making its way online.
A leak that size has the potential to derail Twitter’s future partnerships, business plans and financial future.
But it’s also a setback for Google Apps.
Twitter cofounder Biz Stone wrote on the company’s blog that while the docs were “not ready for prime time… they’re certainly not revealing some big, secret plan for taking over the world.”
And nothing too surprising has come out so far.
Within the documents rested information about when Twitter expected to make money (this quarter), the company’s forecasted revenue ($140 million by 2010), and its user growth (1 billion users by 2013).
But the entire episode is proving to be bad PR for Google Apps. Individuals have happily used the free services of Google Apps, which let them read, edit and share documents in the cloud. But that ease of use also means that it’s easier for other people to get your information from any computer anywhere. And this episode is enough to give companies pause before placing sensitive documents online to share with employees.
On the Twitter blog today, Stone was adamant that Google Apps were not to blame for the security breach: “This attack had nothing to do with any vulnerability in Google Apps which we continue to use.”
But his next line gets to the crux of the problem: “This is more about Twitter being in enough of a spotlight that folks who work here can become targets.”
What company does not have rivals that would want access to private financial data? Sharing documents online will continue to be a problem because individuals will continue to be careless. And while Google Apps may not have any inherent security lapse, the individuals who use the service will continue to screw up and get scared by how easily they may do so.
As more services move into the cloud, companies have to be very careful about what they are sharing and where. For corporate usage, there is something to be said for paying the fee for software specific to a computer in one location.
That’s not to say that sharing online isn’t useful for large groups. But online, companies have to remember that they are only as secure as their weakest password. A point proven by this simple lesson from the Twitter debacle: don’t ever use “password” as your password.