There is a real storm of activity after documents which were gained through a hack of a Twitter employee's google apps account. Over at Techcrunch a heated debate over the ethics and newsworthiness over the public posting of the actual data that was ill-gotten is beating down the site's editors.
While it might be entertaining to voice opinions on people ethics regarding the outing of the actual information, I think the real story is the lapse in security of the Twitter employee. A bad, guessable password was used to protect access to very sensitive internal data - but this raises an important point regarding the use of Google apps or any other easily accessible service.
It really shouldn't take an incident like this for companies to get these types of simple protections over their information. If there is risk related to disclosure of the information - make sure you have it protected.
While it might be entertaining to voice opinions on people ethics regarding the outing of the actual information, I think the real story is the lapse in security of the Twitter employee. A bad, guessable password was used to protect access to very sensitive internal data - but this raises an important point regarding the use of Google apps or any other easily accessible service.
It really shouldn't take an incident like this for companies to get these types of simple protections over their information. If there is risk related to disclosure of the information - make sure you have it protected.
Comments
If Twitter execs' web mail and Google Apps are to be used for sharing confidential information, then the identity assurance needs set to 'high'. This basic understanding would then drive out appropriate identity proofing and authentication solutions...
Mike