As you will have heard, this week saw a Twitter employee’s Gmail account hacked, leading to the unauthorised publication of a number of “sensitive” Twitter company documents. Thankfully for Twitter, these documents were more embarrassing than damaging – but the fact they were compromised serves as an important lesson for us early adopters!
Twitter and the cloud debate
The lesson from Twitter’s experience this week is simple; cloud computing is not yet as secure as we need it to be. Apparently, the Twitter employee who was hacked, was using a weak Gmail password and an easy to guess password-reset question. These are pretty basic errors, especially for someone working at such a high profile online Company.
Of course, Twitter’s own security has regularly come under the spotlight, following a number of successful hacking attempts.
With so much data now stored in the cloud, there needs to be a more robust way to ensure its security. It’s clear that providers can not rely on users developing and then remembering a separate, strong password for each of the 10 or 20 sites they use, which require logging in.
If cloud computing really is to be the way ahead, surely something needs to change?
Related posts:
I don’t understand what this has to do with cloud computing.
What if GMail were not “in the cloud”, but was at one big server farm? Would hacking into someone’s email account be any harder or easier?
What you are talking about is security for anything accessible via the Internet.
And things *are* changing, but slowly, for Internet accessible sites. Many more are supporting the credit card sized / key chain sized device needed to log in remotely.
John,
Not sure what you are disagreeing with here – Cloud computing IS based on servers. The difference is that with, for example Google Docs, instead of someone’s documents being held locally on their laptop or maybe their internal server – it’s stored on someone else’s server. When your docs are stored on your laptop, you are in charge of their security. When your docs are stored on Google or Amazon’s servers (cloud) they are responsible for security. My point is that before cloud computing (mass online storage) becomes mainstream, security needs to improve. It’s not good enough yet.
I use one of those credit card devices you mentioned by the way and it’s excellent.
1. Now everything on the Internet is “cloud computing”? I don’t think so.
2. SandPiper confirmed my original comment. There is nothing special about “cloud computing” going on here. If the account were “joesmith@princeton.edu” or “janedoe@pcmag.com” that got hacked, would everyone complain about the problems with “cloud computing”?
3. You still have a point about what can be lost by guessing people’s passwords. But that has been true long before cloud computing was even possible.
@ John
I did not confirm your comment coz its totally bogus. I agreed with the blog guy. Cloud security IS crap, the account that was hacked WAS stored in the cloud and the story WAS about improving could security.
I think the confusion here is to do with data – not hacking.
If Twitter had not stored those docs on Google Docs (the cloud), it would not have been possible for the hacker to steal them all, using the employees Google username and password.
If the docs were hosted locally at Twitter, they would have been safe from this attack.
All thats stopping someone stealing your crap online is your password. The average user uses the same passowrd for everything and thats how the twitter account got hacked. The tech guys right this has to get better before non geeks can use it.
Jims right. It’s a total fact that this data was only stolen because it was on cloud storage and the password was weak which is what the post said. How hards it to see that?!?!
You just wrote my post in one sentence :)