Brian Czarny, vice president of solutions marketing at Webroot, claimed that the security of data stored in the cloud, in this case Google Apps, is not the main issue. In fact, it is more about the security practices that users of all websites and applications should be employing in their day-to-day use.
Czarny said: “The key learning end-users should take from this incident is that password security is critical, both in terms of the passwords you choose as well as the amount of data you expose publicly through social media sites like Twitter and Facebook.”
He also said that Twitter had pointed this out on its blog response, and ‘Hacker Croll', who was accused of the hacking, had articulated that his intention is to teach people a lesson about the security holes in secret questions. Croll posted: “What I would like to say is that even the biggest and the strongest do silly things without realising it and I hope that my action will help them to realise that nobody is safe on the net.
“If I did this it's to educate those people who feel more secure than simple internet novices. And security starts with simple things like secret questions because many people don't realise the impact of these questions on their life if somebody is able to crack them.”
Recent Webroot research data about risky behaviour from a survey of 1,100 users of social networks, showed that about one third of the respondents said they include at least three pieces of personally identifiable information and over one third use the same password across multiple sites. Two-thirds of respondents said they do not restrict any details of their personal profile from being visible through a public search engine such as Google and over half are not sure who can see their profile.
Czarny said: “For businesses, we need to start talking more about the proliferation and usage of social media and Web 2.0 in the workplace and how to implement effective web security measures to protect networks from threats and the potential loss of sensitive data. Twittergate (as it's being called) is a reminder of how important web security is – for both business and personal use and that grey area in between.”