A hacker has obtained and distributed more than 300 confidential documents pertaining to Twitter's business affairs. The documents were stored on Google Apps, according to reports.
The hacker apparently accessed documents with potentially sensitive information about Twitter employees, company finances, partner agreements and other topics, and forwarded the documents to media outlets such as TechCrunch, which first reported the data breach.
On how the breach occurred, TechCrunch's Michael Arrington writes that "the original security hole seems to be Google, via Google Apps for your Domain. Some passwords were guessed and things started to fall apart from there. Most (or all) of these documents were downloaded from Google's servers."
The exposure has raised ethical questions about whether any or all of the exposed documents should be published. TechCrunch said it would refrain from posting documents relating to individuals who interviewed at Twitter and others that show "floorplans and security passcodes to get into the Twitter offices." But TechCrunch said it will publish some documents "showing financial projections, product plans and notes from executive strategy meetings."
The exposure is also certain to raise questions about cloud-based services, both in terms of whether the services themselves contain inherent security flaws and whether customers are too trusting and aren't using strong enough passwords.