After breaking into employee's Google Apps account

Jul 16, 2009 08:51 GMT

A hacker claims to have compromised the personal email accounts of several Twitter employees, including that of Twitter Co-Founder Evan Williams. As a result, he also obtained access to one employee's Google Apps account, from which he downloaded confidential company documents that were recently leaked to the media.

The story was broken yesterday by TechCrunch, which received, from a person identifying himself as "Hacker Croll," 310 Twitter corporate documents "ranging from executive meeting notes, partner agreements and financial projections to the meal preferences, calendars and phone logs of various Twitter employees."

The documents originated from Google Apps, sparking speculation that a vulnerability in Google's application was to blame. However, Twitter's Co-Founder Biz Stone dismissed the rumors and explained that the incident was connected to the hacking of a company employee's email "about a month ago."

"We believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company," Stone wrote on the official Twitter blog.

Back in May, we reported that a French-speaking hacker, calling himself "Hacker Croll," broke into the personal email of Jason Goldman, product manager at Twitter. Some of Goldman's tweets at the time confirmed the attack on his Yahoo! Mail account.

Apparently, "Hacker Croll" didn't stop there and, according to French blogger Korben, he has just taken credit for hacking PayPal, Amazon, Apple, AT&T, MobileMe and Gmail accounts belonging to Evan Williams and his wife, Sara Morishige Williams, as well as to Margaret Utgoff and Kevin Thau, two Twitter employees.

Biz Stone did not name the compromised employee and only referred to them as "her." He also explained that Evan Williams' email account had not been compromised. Either way, he stressed that, "This was not a hack on the Twitter service, it was a personal attack followed by the theft of private company documents."

Stone compared the impact of this incident on the company to having your underwear drawer gone through in public. "Embarrassing, but no one’s really going to be surprised about what’s in there." He did, however, agree that, "As they were never meant for public communication, publishing these documents publicly could jeopardize relationships with Twitter's ongoing and potential partners."

The company is currently consulting with lawyers regarding the consequences of this security breach and how to act against the hacker, as well as against anyone who decides to publish or share the confidential information.