Twitter hacked via Google Apps

A hacker got into Twitter's internal systems through Google Apps, downloading confidential commercial documents and data, and gaining access to the private accounts of Twitter users (at least one user account that we know of).

Twitter staff had been using Google Docs, a service designed to compete with MS Office and take customers away from Microsoft. However, anything that somebody does using Google Docs can automatically be accessed online simply by logging-in to the Google account.

In security terms, an account with Google can potentially put all your eggs in one basket. A hacker could take control of a wide range of services and data belonging to a user through their Google account, including their email account, YouTube account, online shopping account, AdWords account, AdSense account, iGoogle account, etc.

16 July 2009

Comments: 3

I believe you are mistaken on your comment as documents stored on Google Apps are not immediately available (or "published") for anyone to see. Even as a system admin, you would need to reset items to gain access.
The underlying problem leading to the Twitter break-in is one of security practice and process. Without sound password security, any email system becomes more vulnerable to break-ins.

Tim Acheson (16 Jul 09, 17:16)

Thanks for your comment. I'll try to clarify what I meant when I said stuff people do on Google Docs "can automatically be accessed online simply by logging-in to the Google account." In other words, if you get into somebody's Google account you can take control of their stuff. An account on a web site (like Google Docs) protected by a password isn’t very secure. This is the point I wanted to make. In contrast, the traditional desktop environment for creating and managing documents and data can be more secure. Does this clarification address your issue with my original blog post above?

P.S. It’s healthy to question the information on a blog. I’m always ready to correct anything I write online. There’s already too much bad information out there, even on web pages ranking highly in relevant Google search results.

