A hacker has reportedly obtained and distributed more than 300 confidential documents pertaining to Twitter's business affairs. The documents were reportedly stored on Google Apps.
The hacker apparently accessed documents with potentially sensitive information about Twitter employees, company finances, partner agreements, and other topics, and forwarded the documents to media outlets such as TechCrunch, which reported on the data breach Tuesday.
[ Cisco's CEO recently called cloud computing a "security nightmare" | One major cloud security problem is that many companies aren't doing much to address it | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]
On how the breach occurred, TechCrunch's Michael Arrington writes that "the original security hole seems to be Google, via Google Apps for your Domain. Some passwords were guessed and things started to fall apart from there. Most (or all) of these documents were downloaded from Google's servers."
The exposure has raised ethical questions about whether any or all of the exposed documents should be published. TechCrunch said it would refrain from posting documents relating to individuals who interviewed at Twitter and others that show "floorplans and security passcodes to get into the Twitter offices." But TechCrunch said it will publish some documents "showing financial projections, product plans, and notes from executive strategy meetings."
The exposure is also certain to raise questions about cloud-based services, both in terms of whether the services themselves contain inherent security flaws and whether customers are too trusting and aren't using strong enough passwords.