Thursday, July 16, 2009

Someone Call Security

Early yesterday, we were contacted by two blog journalists who had just been offered internal business documents stolen from Twitter by a hacker.

First, it's important to note how these documents were stolen. In this case, a Twitter employee used the same non-unique password on multiple services. A hacker gained access to our business documents because this common password was retrievable on an unrelated system. If you've ever used the same password on more than one service, you've made the same mistake that led to this theft—it's a web-wide issue. Random password generators as well as two-factor authentication for more sensitive systems are now mandatory at Twitter, Inc.

Twitter is more than jotted-down notes from a handful of meetings. Our future will be shaped by the passion and inventiveness of everyone who uses Twitter and through the execution of our ideas. Nevertheless, the publication of stolen documents is irresponsible, and we absolutely did not give permission for these documents to be shared. Out of context, rudimentary notes of internal discussions will be misinterpreted by current and future partners, jeopardizing our business relationships.

We are pursuing a path to address the harm caused by these actions and, as noted yesterday, we've already reached out to the partners and individuals affected.

Wednesday, July 15, 2009

Twitter, Even More Open Than We Wanted

About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked. From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account, which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company. Since then, we have performed a security audit and reminded everyone of the importance of personal security guidelines.

This attack had nothing to do with any vulnerability in Google Apps, which we continue to use. This is more about Twitter being in enough of a spotlight that folks who work here can become targets. In fact, around the same time, Evan's wife's personal email was hacked and from there, the hacker was able to gain access to some of Evan's personal accounts such as Amazon and PayPal, but not email. This isn't about any flaw in web apps; it speaks to the importance of following good personal security guidelines such as choosing strong passwords.

Stolen Documents, Not Compromised Accounts

It's important to note that the stolen documents which were downloaded and offered to various blogs and publications are not Twitter user accounts, nor were any user accounts compromised (except for a screenshot of one person's account, and we contacted that person and recommended changing their password). This was not a hack on the Twitter service; it was a personal attack followed by the theft of private company documents.

We are in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents. We're not sure yet exactly what the implications are for folks who choose to get involved at this point but when we learn more and are able to share more, we will.

The 'Underwear Drawer' Analogy


We have a culture of sharing and communication within Twitter and these stolen documents represent a fraction of what we produce on a regular basis. Obviously, these docs are not polished or ready for prime time and they're certainly not revealing some big, secret plan for taking over the world. As Peter Kafka put it, this is "akin to having your underwear drawer rifled: Embarrassing, but no one’s really going to be surprised about what’s in there." That is an apt analogy.

Nevertheless, as they were never meant for public communication, publishing these documents publicly could jeopardize relationships with Twitter's ongoing and potential partners. We're doing our best to reach out to these folks and talk over any questions and concerns. However, our goal remains focusing on the most important business at hand—creating value for users and building the best possible Twitter service.

Saturday, July 04, 2009

TweetCraft for WoW Players


TweetCraft is an in-game Twitter client for World of Warcraft, the wildly popular massively multiplayer online role-playing game by Blizzard Entertainment. If you're a WoW player you might like it because you can send and receive tweets in-game, upload screenshots to TwitPic, automatically tweet when you get an achievement, and more. Also, the overly dramatic video promo is fun.

Friday, July 03, 2009

Twittering from the Tractor

Steve Tucker is a wheat farmer in Nebraska changing the way we interact with the folks who grow our food. "Twittering from the tractor: smartphones sprout on the farm" is an interesting article at CNN.com about how farmers like Steve are using Twitter and other tools to bridge the urban-rural divide and get us thinking more about where our food comes from.

The idea of extending the Twitter network into interesting locations around the world via mobile devices is at the core of our thinking and Steve sums it up well when he says, "I can be in the most remote place and just with the power of having a BlackBerry ... I can communicate with anybody at anytime about anything." You can follow @Tykerman1 on Twitter.

p.s. Twitter co-founder and CEO @ev grew up on a farm in Nebraska.

Wednesday, July 01, 2009

May The Tweets Be With You

The ecosystem growing around Twitter is something we very much believe in nourishing and supporting. There are lots of really awesome services and applications out there like TweetDeck, TweetMeme, Tweetie, BackTweets, Tweetboard, and others that we absolutely love as do many users. However, as the ecosystem grows there is also the possibility that confusing and potentially damaging projects could emerge.

We have applied to trademark Tweet because it is clearly attached to Twitter from a brand perspective but we have no intention of "going after" the wonderful applications and services that use the word in their name when associated with Twitter. In fact, we encourage the use of the word Tweet. However, if we come across a confusing or damaging project, the recourse to act responsibly to protect both users and our brand is important.

Regarding the use of the word Twitter in projects, we are a bit more wary although there are some exceptions here as well. After all, Twitter is the name of our service and our company so the potential for confusion is much higher. When folks ask us about naming their application with "Twitter" we generally respond by suggesting more original branding for their project. This avoids potential confusion down the line.

Thanks to Robin Wauters at TechCrunch for raising the issue because it highlights a need. As we build our platform team, we will be adding more documentation, guidelines, and best practices to help developers get the most out of our growing set of open APIs. We'll work together to ensure success for Twitter, developers, and everyone who uses these services while avoiding confusion and maintaining quality.

Tuesday, June 30, 2009

Following and Followers Page Improvements

When you click on the Following and Followers links from your Twitter home page, you'll notice that we've upgraded the design of these pages and added features. Instead of a basic list, there are now actions you can perform that provide a better overall experience. For example, you can turn on SMS, unfollow, mention, block, direct message, and more. Tip: You can also view the accounts that someone else is following and follow them yourself.

Monday, June 29, 2009

Restaurants on Twitter

Boston Globe Staff Photo by Yoon S. Byun
This article from my hometown newspaper is a great example of something we're increasingly inspired by at Twitter: small businesses—in this case restaurants—using Twitter as a low-cost way to connect with patrons and ultimately improve profits.
What can you do with 140 characters or less, the length of each tweet? A lot, restaurants are discovering - everything from posting daily specials to luring followers with offers of free appetizers to offering a glimpse of kitchen life. It’s all good for business.
This quote is awesome: "You don’t need technology to be spreading your message on Twitter." Well, you do need a bit of technology, but not that much, it's true. With a chalkboard and a mobile phone you can boost business. Is your favorite restaurant on Twitter?