A hacker was able to break into a Twitter employee’s e-mail account and, through that, get to confidential business documents that were stored on the business version of Google Apps — a paid cloud computing service. Hackers breaking into accounts isn’t new, but this hacker’s tactics raised red flags for me in terms of general privacy safeguards. The New York Times reports, “Instead of circumventing security measures, it appears that the Twitter hacker managed to correctly answer the personal questions that Gmail asks of users to reset the password.”
“A lot of the Twitter users are pretty much living their lives in public,” said Chris King, director of product marketing at Palo Alto Networks, which creates firewalls. “If you broadcast all your details about what your dog’s name is and what your hometown is, it’s not that hard to figure out a password.”
Last year, a teen hacker was able to break into Alaska Gov. Sarah Palin’s Yahoo e-mail account in much the same way as the Twitter hacker.
Wired reported in September, “As detailed in the postings, the Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birthdate, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.”
This case is yet another reminder that you need to take your electronic privacy safeguards seriously. Of course, we know we should all create passwords that are difficult to guess. But we should also resist using security questions that are easy to break. For example, instead of using the question “What is your mother’s maiden name?” you could use “What was your favorite book in high school?” or “What is the worst TV show ever made?” If the Web sites you are using insist on the easy-to-break questions (“Where were you born?”), then you can always make something up.