Page last updated at 04:06 GMT, Thursday, 16 July 2009 05:06 UK

Twitter calls lawyer over hacking

By Maggie Shiels
Technology reporter, BBC News, Silicon Valley

Twitter co-founder Biz Stone
Twitter employees can be a target, said Biz Stone

The microblogging service Twitter is taking legal advice after hundreds of documents were hacked into and published by a number of blogs.

TechCrunch has made public some of the 310 bits of material it was sent.

It posted information about Twitter's financial projections and products.

"We are in touch with our legal counsel about what this theft means for Twitter, the hacker and anyone who accepts...or publishes these stolen documents, " said Twitter's Biz Stone.

In a blog posting he wrote that "About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked.

"From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."

Mr Stone, Twitter's co-founder, went on to stress that "the attack had nothing to do with any vulnerability in Google Apps".

Beyond the issue of journalistic ethics, the whole incident also raises interesting questions about the security of cloud computing
Rory Cellan-Jones

He said this was more to do with "Twitter being in enough of a spotlight that folks who work here can be a target".

In his blog post, Mr Stone underlined the need for increased online security within the company and for staff to ensure their passwords are robust.

It is believed a French hacker who goes by the moniker "Hacker Croll" illegally accessed the files online by guessing staff members' passwords.

"News value"

A number of technology blogs were offered the documents for publication in what is now being dubbed "Twittergate" in some online forums.

TechCrunch, one of the most respected blogs in Silicon Valley, has set off a firestorm of criticism and debate over its decision to post some of the material.

Screenshot of Twitter website
Sensitive documents were hacked

It started things off with what it called a "softball" and published details about a reality TV show involving Twitter. Details of such a programme were made public in May.

That was followed by documents relating to an internal Twitter financial forecast that the company said is no longer accurate.

"There is clearly an ethical line here that we don't want to cross, and the vast majority of these documents aren't going to be published, at least by us.

"But a few of the documents have so much news value that we think it's appropriate to publish them," wrote TechCrunch Editor and founder Michael Arrington

Mr Arrington noted the site received a deluge of comments on the issue and said "many users say this is "stolen" information and therefore shouldn't be published. We disagree.

"We publish confidential information almost every day on TechCrunch. This is stuff that is also "stolen," usually leaked by an employee or someone else close to the company."

The TechCrunch founder cited examples of stories it has covered in the past that involved information it had acquired and also those covered by newspapers like the Wall Street Journal that had done a similar thing.

Mr Arrington said that he has also consulted lawyers about the laws that cover trade secrets and the receipt of stolen goods.


Many in the technology industry said this latest episode points to the potent reminder of how much information is stored in the cloud and the vulnerability or otherwise of that data.

The hacker has claimed to have wanted to teach people to be more careful and in a message to the French blog Korben, wrote that his attack could make internet users "conscious that no one is protected on the net."

Twitter messages
Twitter needs to force users to wise up, said one analyst

"The security breach exploited "an easy-to-guess password and recovery question, which is one of the simplest ways to make a username and password combination really insecure," said Phil Wainewright of

"Unfortunately, users won't wise up until the cloud providers force them to."

In a study last year the security firm Sophos found that 40% of internet users use the same password for every website they access.

The affair has put Google on the defensive because the information was stored in Google Apps, an online package of productivity software that includes email, spreadsheets and calendars.

The company issued a blog post. While it highlighted the need for strong security, it said it could not discuss individual uses or customers.

Twitter's Mr Stone tried to play down the importance of the information being touted around the web.

"Obviously, these docs are not polished or ready for prime time and they're certainly not revealing some big, secret plan for taking over the world.

"This is "akin to having your underwear drawer rifled: Embarrassing, but no one's really going to be surprised about what's in there." That is an apt apology," Mr Stone said.

At the social media blog Mashable, Adam Ostrow agreed.

"It's another embarrassing moment in Twitter's torrid growth, but nothing that's likely to bring the house down."

Print Sponsor

Twitter hit by security breaches
06 Jan 09 |  Technology
Can Twitter survive the hype cycle?
27 Apr 09 |  Technology
Tech Know - Arduino for all
29 May 09 |  Technology
Royal household turns to Twitter
10 Jul 09 |  Technology
Twitter followers 'can be bought'
02 Jul 09 |  Technology
Twitter responds on Iranian role
17 Jun 09 |  Technology
Twitter all clear after worm wave
14 Apr 09 |  Technology

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific