This is serious. Twitter has a big security problem. Let’s rephrase that – most aspects of Twitter – user accounts, admin accounts, various personal accounts of important people in the company’s hierarchy, such as Evan Williams, are (or at least, have been) a security Swiss cheese. There have been so many problems over the past couple of months that it’s getting hard to keep track of them. It’s time to fix it once and for all, because these security issues are a dark shadow looming over the otherwise bright future of this company.
Accounts of several famous Twitter users were hacked or compromised in January, and then later in May and June. Of course, some of these were compromised through third-party services, such as TwitPic; others could have been attributed to the users’ negligence.
But then, back in April, we received a tip that several French sites had images from Twitter’s admin panel. It was a tough call to decide whether these were authentic or not; our bet was yes, and judging by the latest posting on one of these sites, they were. This same site (link omitted on purpose) now holds images from various personal accounts of Evan Williams, including PayPal, Amazon, Gmail and MobileMe.
We will not publish any of these documents. The word is out, the documents are out there and easy to find, and there are so many of them that it’s hard to imagine that Twitter’s security as a whole – the service, the company, the people behind it – hasn’t been severely compromised in the last couple of months. Twitter’s laundry – dirty or not – is out there for anyone to see, and we’ll let everyone choose what they want to see for themselves.
But there’s no denying that Twitter has a problem. If a document that shouldn’t be published gets published every couple of weeks; if a well-known Twitter account gets hacked every couple of weeks, how will you convince users that their data on this service is safe and secure?
One thing is certain. Twitter needs to burn everything security-related down to the ground and build it all anew to make sure this won’t happen again. Employees should adopt stricter security practices; services that don’t offer adequate security should be replaced with better ones; in short, Twitter needs to seriously rethink its attitude towards security and privacy in all aspects of its work.