This week, Twitter co-founder Evan Williams confirmed that the company has been the victim of an attack that compromised a number of employee personal accounts at Amazon, PayPal and AT&T, employee personal email and Twitter's internal company documents. The hacker, who goes by the handle "Hacker Croll," has apparently emailed a collection of 310 internal Twitter documents to TechCrunch, including a presentation for a proposed reality television show called "Final Tweet" and a February 2009 financial forecast. Many wait to see what other documents will come to light while TechCrunch negotiates with Twitter's lawyers.
Postings on the French website Korben.info claim that Hacker Croll obtained a list of employees, along with employees' credit card numbers, telephone numbers, meeting reports, time sheets, salary information, confidential Twitter contracts with Microsoft, Nokia, Samsung and other companies, as well as a list of celebrity "High Profile Users" (an English translation of the French website is available here).
Twitter's Evan Williams stated "This had nothing to do with the security of twitter.com, and there were no user accounts compromised here." This was reiterated in Biz Stone's post on the Twitter blog, appropriately entitled "Twitter, Even More Open Than We Wanted." Stone notes "This isn't about any flaw in web apps, it speaks to the importance of following good personal security guidelines such as choosing strong passwords."
This is not the first time that poor password security has led to a noteworthy breach (see WIRED Magazine's account of how one hacker used publicly available information to hack into Sarah Palin's email). This may serve as a good reminder to many of us that we may want to take the time to change our passwords today (and select a combination with at least 6 characters, at least one capital letter and at least one number).