Accounts of several famous Twitter users were hacked or compromised in January, and then later in May and June. Of course, some of these were compromised through third party services, such as TwitPic
Back in April, we received a tip that several French sites had images from Twitter’s admin panel. It was a tough call to decide whether these were authentic or not; our bet was yes, and judging by the latest posting on one of these sites, they were. This same site (link omitted on purpose) now holds images from various personal accounts of Twitter co-founder Evan Williams, including PayPal, Amazon, Gmail
We will not publish any of these documents. The word is out, the documents are out there and easy to find, and there are so many of them that it’s hard to imagine that Twitter’s security as a whole – the service, the company, the people behind it – hasn’t been severely compromised in the last couple of months. Twitter’s laundry – dirty or not – is out there for anyone to see, and we’ll let everyone choose what they want to see for themselves.
But there’s no denying that Twitter has a problem. If a document that shouldn’t be published gets published every couple of weeks; if a well-known Twitter account gets hacked every couple of weeks, how will you convince users that their data on this service is safe and secure?
One thing is certain. Twitter needs to burn everything security-related down to the ground and build it all anew to make sure this won’t happen again. Employees should adopt stricter security practices; services that don’t offer adequate security should be replaced with better ones; in short, Twitter needs to seriously rethink its attitude towards security and privacy in all aspects of their work.
*Update: It has been suggested in the comments that the article implies that Twitter users should fear for the security of their PayPal, Gmail, or other accounts due to Twitter’s security issues. Although I do not see how you can read that from the article, I feel it’s important to make it absolutely clear: there’s absolutely no reason to believe that being a Twitter user implies a security risk to your other accounts. The article merely goes on to show that Twitter, both as a company and as a service, has had a number of security incidents over the last couple of months, and that they need to improve their overall track record when it comes to security.