BEIJING, July 16 (Xinhuanet) -- A leading technology blog has revealed flaws in the security behind popular micro-blogging website Twitter. TechCrunch said it had been forwarded hundreds of confidential corporate and personal documents belonging to Twitter and its employees obtained by a hacker calling himself Hacker Croll. The information received by TechCrunch included names and food preferences of all employees, records of internal meetings, names of job applicants, confidential contracts with companies like Nokia and Microsoft, and details of staff salaries.
Much of the material was published on the TechCrunch blog creating a storm of criticism. But Techcrunch says that the breach was only possible due to the fact that the password to Twitter's servers was simply "password".
French blogger Manuel Dorne, who was the first to receive the file from "Hacker Croll" told the BBC that the documents included credit card numbers and personal account details from Apple's Mobile Me service. There were also details of plans for the French president to acquire a Twitter account under the name @NicolasSarkozy. But Manuel Dorne said he had made a different decision from TechCrunch, opting just to show a few screenshots of the material rather than publish more. "I don't want to cause damage to Twitter or to help their rivals," he said.
Aside of journalistic ethics, the incident raises questions about the security of cloud computing. From reports it appears much of the information was obtained by hacking into Gmail accounts where it appears Twitter had stored much corporate information. Google is stressing its systems have not been hacked but that someone has merely guessed the Gmail passwords of various Twitter employees.
Hacker Croll, who is believed to be based in France, told Manuel Dorne his motivation behind the hack was to warn of the dangers of cloud computing. "J'espere que mon intervention fera prendre conscience que nul n'est a l'abri sur le net", (I hope my intervention will make them realize that no-one is safe on the net) Hacker Croll is quoted as saying.
While companies such as Google, Microsoft, Zoho and Amazon are confident their systems cannot be hacked or otherwise compromised this recent incident warns users that they should choose secure passwords.
Techcrunch has defended the publication of their story and said it informed Twitter about the breach, adding that "We waited until they (Twitter) took action to close it (the security hole) off before posting." Twitter are not happy about the security breach or the publication of data by Tech Crunch and are seeking legal advice. "We are in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents," Biz Stone, co-founder of Twitter, said.
(Agencies)
没有评论:
发表评论