In a post on their blog, ironically titled Someone Call Security, Ev and Biz try to downplay the impact of the data hack they suffered.
First, it's important to note how these documents were stolen. In this case, a Twitter employee used the same non-unique password on multiple services. A hacker gained access to our business documents because this common password was retrievable on an unrelated system. If you've ever used the same password on more than one service, you've made the same mistake that led to this theft—it's a web-wide issue. Random password generators as well as two-factor authentication for more sensitive systems are now mandatory at Twitter, Inc.
Stolen Documents, Not Compromised Accounts
It's important to note that the stolen documents which were downloaded and offered to various blogs and publications are not Twitter user accounts nor were any user accounts compromised (except for a screenshot of one person's account and we contacted that person and recommended changing their password). This was not a hack on the Twitter service, it was a personal attack followed by the theft of private company documents.
We are in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents. We're not sure yet exactly what the implications are for folks who choose to get involved at this point but when we learn more and are able to share more, we will.
Link to original post