Twitter Servers Hacked
TechCrunch and the New York Times are reporting on what appear to be Twitter's confidential corporate documents. Floor plans, security codes, financial documents - all exposed to the world.
Another TechCrunch piece has a possible explanation for the break in- a Twitter server's password was apparently "password". That should not ever happen. It's common knowledge among programmers and hackers that a small percentage of any web service's users will use some variation of the word "password". Those users will be the very first to be compromised - they are the low hanging fruit for malicious hackers.
For a company of any size, let alone Twitter's stature, to have "password" or other easy-to-guess phase on their server is unacceptable and just plain dumb.
But Twitter is not dumb. They've masterfully built a great business on a new concept and are hitting it out of the park. How could such a smart bunch of people do something so stupid? We don't know. But we do know that things fall through the cracks, and even the best make mistakes. This should serve as a lesson to us all - protect your data.
You can start by using a good, strong password. Use letters, numbers, and punctuation, and make it at least 8 characters. Don't use your name, school, birthday, or any other personal information - a random string of characters is best.
Another common mistake is to use the same password for multiple services. Keep in mind that all of those services will have your password available to them. Sign up with some trivial, fun site? Have you used that same username/password combination at other more important sites, like your bank? What if that fun site had a malicious employee? You'd have just given him the keys to your bank account.
The internet can be a nasty place. Make sure you protect yourself.
UPDATE: There is a fascinating article on TechCrunch describing how this attack took place. It's worth reading.
Comments