Twitter’s confidential corporate information, stolen by a hacker a few weeks ago and partially released Wednesday by TechCrunch, is embarrassing the company, and causing a major stir about journalistic responsibilities, but the worst damage could be to candidates who have interviewed with the fast-growing startup.
According to a blog post by TechCrunch founder and editor Michael Arrington, the tech-focused website was emailed 310 Twitter documents “ranging from executive meeting notes, partner agreements, and financial projections to the meal preferences, calendars, and phone logs of various Twitter employees.” Most of them, Arrington writes, “are somewhat embarrassing to various individuals, but not otherwise interesting.”
Those, including documents showing who interviewed for senior positions at Twitter, will not be released by TechCrunch, he says. Those dealing with the company’s business plans and products, will be published, he said.
The first, released very early Wednesday morning, was a pitch for a Twitter-based reality TV show. The next was a financial projection fo
r the company through 2013, which says Twitter expects “1 billion users, $1.54 billion in revenue, 5,200 employees, and $1.1 billion in net earnings.”
However, the first leak of the documents came on a French site (English translation), which discreetly obscured names and certain data points. Hacker Croll, as the perpetrator calls himself, previously published Twitter material obtained directly from the site. He (or she) could chose to post them all, including the interview schedules and candidate resumes. That possibility no doubt has some people squirming.
Croll got the documents by accessing a Twitter employee’s Google account, not by hacking into Twitter iteself. Like so many companies and individuals, Twitter uses Google Apps to share information with its employees and uses Google Calendar to schedule meetings and appointments. The hacker accessed these documents.
Commonly referred to as “cloud computing,” the key features are that the application and the data reside on someone else’s servers. That makes it convenient for mobile workers to access the documents anytime, anywhere. It also means they are potentially exposed to hackers anywhere in the world.
Software as a Service is a form of cloud computing that has been growing ever more popular, including among recruiters. Many companies offer an online ATS that stores applicant resumes, interview calendars, and email contacts.
Vendors make efforts to secure their systems from direct attacks, but like a chain that’s only as strong as its weakest link, there’s little protection against a hacker who gets hold of a user’s password, which is what happened in the Twitter case. It’s also what happened two years ago when phishers hacked Monster’s database and stole data on 1.7 million job seekers.
Vendors warn recruiters to use unique passwords, avoiding birthdates, children’s names, their own street address, and the like. Even so, “For every person who has a strong password, there are two or three who use the same one for everything. Anyone who has worked in IT knows of people who have their logins on notes taped to their screen,” reports a representative for a vendor who asked not to be identified.
Although Twitter co-founder Biz Stone exonerated Google for the security lapse, The New York Times quoted a network expert saying, “Using Google apps and Gmail is great for personal use, but from a corporate perspective, I just can’t see putting something out there that is so able to be compromised and has been on numerous occasions in the past.”