July 16, 2009

In a blog post on Wednesday about the distribution of internal Twitter documents by a hacker, company co-founder and creative director of Biz Stone traced the origin of the online break-in to a compromised personal e-mail account of an administrative employee.

And then Stone brought Google (NSDQ: GOOG) into the picture: "From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps [that] Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company," he explained.

The hacker claims to have guessed the answer to the Twitter employee's security question and reset the password of the account in question.

Though Stone made clear that the attack was not the result of any vulnerability in Google Apps, the incident nonetheless prompted yet another round of doubt about cloud-based services.

Albert Wenger, a partner at venture capital firm Union Square Ventures, an investor in Twitter, said on his blog that the break-in demonstrates the inadequacy of usernames and passwords as a means of authentication. He urged online services like Google and Microsoft to adopt a two-factor authentication scheme, possibly involving SMS messages or a dedicated mobile authentication app.

Google, having witnesses the brand damage security issues have inflicted upon Microsoft, is keen to seen as more secure than the competition and moved quickly to quell the disparagement of cloud computing.