TechCrunch claims it contacted Twitter ahead of publication of hacked documents

Although it received and published documents that were allegedly hacked by ‘Hacker Croll', believed to have illegally accessed the files by guessing staff members' passwords, TechCrunch has claimed it had "spent much of the last 36 hours talking directly to Twitter about the right way to go about putting the documents online".

Sam Masiello, vice president of information security at MX Logic, questioned this statement, claiming that he had a hard time believing that those discussions involved Twitter saying ‘yes, please post the information, but just leave out the secret sauce bits'.

Masiello said: “I don't understand what criteria TechCrunch used such that they are now the governing authority over what is and is not confidential or why they feel they have a right to make that call to begin with. I am disappointed that a purportedly reputable news organisation would feel that they have such a privilege."

In a follow-up, TechCrunch attempted to justify its actions by pointing to previous cases where they and another news organisation had posted sensitive information.

Masiello said: “I guess that means that since there is a precedent for something happening that it somehow makes it right?  They also state within this article that they ‘break big stories'. Obviously, those that break the big stories get the big press, but let's not also forget that a certain level of responsibility is expected as well. Saying that ‘others do it too' as justification for doing anything is just plain juvenile.

“Whether TechCrunch will end up facing any legal action from Twitter remains to be seen. Twitter might want to consider at least sending TechCrunch a thank you note for at least temporarily turning the stink-eye from this whole mess away from themselves as TechCrunch appears to be getting flamed worse than Twitter, who had the breach to begin with.”

Bridget Treacy, partner in Hunton & Williams' global sourcing and privacy practices, claimed that without knowing all the facts it is difficult to assess the legality of TechCrunch's actions, but she said: “Obviously those who publish materials need to pause and consider whether it is legal to do so. Online publishing happens much more quickly than was the case with traditional publishing activities, so decisions need to be made more quickly.

“In the context of traditional publishing, doubts are often thrashed out in the context of interim injunction applications. Given the speed with which online publishing happens, it is increasingly a case of publish first and ask questions later.”

An update from Twitter founder Biz Stone stated that the company was contacted by two blog journalists who had just been offered internal business documents stolen from Twitter by a hacker.

Stone said: “The publication of stolen documents is irresponsible and we absolutely did not give permission for these documents to be shared. Out of context, rudimentary notes of internal discussions will be misinterpreted by current and future partners jeopardising our business relationships. We are pursuing a path to address the harm caused by these actions and as noted yesterday, we've already reached out to the partners and individuals affected.”

See original article on scmagazineuk.com