
  • Another Security Tip For Twitter: Don't Use "Password" As Your Server Password

    Robin Wauters

    Robin Wauters is the European Editor of tech blog The Next Web and lead editor of Virtualization.com. He was a senior staff writer at TechCrunch until his departure in February 2012. Aside from his professional blogging activities, he’s an entrepreneur, event organizer, occasional board adviser and angel investor but most importantly an all-round startup champion. Wauters lives and works in...

    Wednesday, July 15th, 2009

    With all the chatter about the current security issues surrounding Twitter, its workforce and the cloud-based Google apps they use, a new security issue has popped up that makes it trivially easy for anyone to access the Twitter servers directly. The problem? The password to the servers was, literally, “password.”

    Twitter co-founder Biz Stone, responding to our email, said “this bug allowed access to the search product interface only. No personally identifiable user information is accessible on that site.” Although no user accounts were compromised or accessible, the vulnerability speaks to a greater culture of lax security at the startup, and may be indicative of how earlier breaches possibly occurred.

    With that in mind, we have some friendly advice for Twitter. For instance, it would be wise if in the future Twitter insiders did not use the password “password” for the back ends of its systems, or one of its co-founders’ names (Jack) as a username.

    Why do we think this advice could prove helpful? Well, without taking this type of precaution, before you know it, malicious hackers or just plain mean people who have it in for you could do some serious damage and/or embarrass you in front of all your friends and followers by invading your personal digital territory.

    Again, for the record, this has absolutely nothing to do with the other security breach we’re publishing ongoing reports about and which Twitter has already publicly responded to. We notified Twitter about this breach as well, and waited until they took action to close it off before posting.

    Screen shots below.


