Reflections on Twitter-Gate and How to Protect Your Privacy Online

In case you missed it, there was some major drama in the world of social media last week between the widely read social media and technology blog, TechCrunch, and social networking’s newest darling, Twitter. Dubbed Twitter-Gate, the ruckus all started when TechCrunch, one of the foremost information brokers in Silicon Valley, received a zip file full of 310 confidential internal documents from Twitter. Rather than sitting on the documents, TechCrunch decided to run with them, publishing juicy details about Twitter’s partner agreements, financial projections, and more.

[Image: Twitter-Gate, via TechCrunch]

Naturally, the incident brought on much criticism of both Twitter, for insufficiently protecting their sensitive information, and TechCrunch, for opting to post the material despite the fact that it was illegally acquired. While there is certainly plenty of criticism to go around, I wanted to take a minute here at the ReputationDefender blog not to speculate as to who was right and who was wrong, but rather to remind people just how important it is to protect your privacy in the digital age.

First, let us examine how Twitter’s sensitive material was leaked. According to an article from TechCrunch, the hacker (known as Hacker Croll) was successful because he treated Twitter’s infrastructure as an “eco-system.” In other words, Hacker Croll viewed Twitter as a whole. Rather than seeking one point of entry, he collected information about everything related to Twitter, particularly employees. During his search, he uncovered access to a Twitter employee’s Gmail account which opened up a veritable Pandora’s Box of information including other e-mail accounts, social networking profiles, credit card numbers, and more.

TechCrunch breaks the attack down nicely in their article:

  1. HC accessed Gmail for a Twitter employee by using the password recovery feature that sends a reset link to a secondary email. In this case the secondary email was an expired Hotmail account, he simply registered it, clicked the link and reset the password. Gmail was then owned.
  2. HC then read emails to guess what the original Gmail password was successfully and reset the password so the Twitter employee would not notice the account had changed.
  3. HC then used the same password to access the employee’s Twitter email on Google Apps for your domain, getting access to a gold mine of sensitive company information from emails and, particularly, email attachments.
  4. HC then used this information along with additional password guesses and resets to take control of other Twitter employee personal and work emails.
  5. HC then used the same username/password combinations and password reset features to access AT&T, MobileMe, Amazon and iTunes, among other services. A security hole in iTunes gave HC access to full credit card information in clear text. HC now also had control of Twitter’s domain names at GoDaddy.
  6. Even at this point, Twitter had absolutely no idea they had been compromised.

As easy as it would be to criticize the unnamed Twitter employee for leaving their information accessible, it is probable that he took the same amount of care in protecting his account as 99% of the rest of us. Unfortunately, in a world where personal information is accessible at the mere click of a button, it is not good enough to be partially secure.

So what are some tips for managing your privacy online? First, use common sense. If you have your e-mail account listed online along with information about your favorite dog Bowser, then you shouldn’t make your password recovery question, “What is the name of my pet?” Furthermore, if you don’t already use separate passwords for all of your web-based accounts, start.

Many of us spend our entire day on the Internet. If you use the same password for all of your accounts, you’re literally putting everything in your life up for grabs. Remember, the best passwords are a combination of mixed-case letters, numbers, and symbols. Make your passwords memorable, but also unique. Something like “1p9g8y1” is a lot harder to crack than “partyguy81.”
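The chain TechCrunch describes (a reset link sent to a mailbox nobody controls, then one password shared across services) is something you can check for in your own accounts. The Python audit below is an added example, not part of the original post; the inventory, account names and addresses are constructed, and it assumes that a recovery mailbox missing from the inventory is one you no longer control.

```python
from collections import deque

# Constructed inventory: "address" is the mailbox an account provides (None if it
# is not a mail account), "recovery" is where its reset links are sent, and
# "pw" is a label standing for one distinct password (never the password itself).
ACCOUNTS = [
    {"name": "personal-mail", "address": "alex@mail.example",   "recovery": "alex@oldmail.example", "pw": "P1"},
    {"name": "work-mail",     "address": "alex@corp.example",   "recovery": "alex@mail.example",    "pw": "P1"},
    {"name": "registrar",     "address": None,                  "recovery": "alex@corp.example",    "pw": "P2"},
    {"name": "music-store",   "address": None,                  "recovery": "alex@mail.example",    "pw": "P3"},
    {"name": "secure-mail",   "address": "alex@secure.example", "recovery": None,                   "pw": "P4"},
    {"name": "bank",          "address": None,                  "recovery": "alex@secure.example",  "pw": "P5"},
]

def dangling_recovery(accounts):
    """Accounts whose reset link goes to a mailbox that is not in the inventory."""
    live = {a["address"] for a in accounts if a["address"]}
    return sorted(a["name"] for a in accounts
                  if a["recovery"] and a["recovery"] not in live)

def reused_passwords(accounts):
    """Map each password label used by more than one account to those accounts."""
    groups = {}
    for a in accounts:
        groups.setdefault(a["pw"], []).append(a["name"])
    return {pw: sorted(names) for pw, names in groups.items() if len(names) > 1}

def blast_radius(accounts, start):
    """Accounts that fall if `start` falls, following reset links and shared passwords."""
    by_name = {a["name"]: a for a in accounts}
    seen, queue = {start}, deque([start])
    while queue:
        cur = by_name[queue.popleft()]
        for a in accounts:
            # A reset link for `a` lands in `cur` when `cur` is that recovery mailbox.
            resets_into_cur = cur["address"] is not None and a["recovery"] == cur["address"]
            if a["name"] not in seen and (resets_into_cur or a["pw"] == cur["pw"]):
                seen.add(a["name"])
                queue.append(a["name"])
    return sorted(seen - {start})

if __name__ == "__main__":
    print("dangling recovery:", dangling_recovery(ACCOUNTS))
    print("password reuse:   ", reused_passwords(ACCOUNTS))
    for a in ACCOUNTS:
        print(f"{a['name']:14} -> {blast_radius(ACCOUNTS, a['name'])}")
```

Accounts with a large blast radius are the ones whose recovery address and password deserve attention first.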

As more and more people turn to the Internet to share information, issues of privacy and Online Reputation Management will continue to be pushed to the forefront of popular culture. Taking proactive steps to protect your identity online now will pay enormous dividends in the future.


Congrats to Libby Sartain, Executive in Residence for the Institute for Corporate Productivity

I wanted to blog a quick shout out to Libby Sartain, who was recently named Executive in Residence at the Institute for Corporate Productivity. Libby is the former CHRO of Southwest Airlines and Yahoo!, and will lend her expertise and insights to the Institute for Corporate Productivity.

Quoting from the page:

Libby Sartain, former CHRO at Yahoo! Inc., is now an executive in residence at the Institute for Corporate Productivity (i4cp), the company announced today. Sartain brings more than 30 years of experience in HR and business to i4cp’s expanding array of corporate performance experts.

As an executive in residence at i4cp, Sartain will be available to participate in the major project assignments i4cp conducts over the course of a year. She will also provide her insight to aid in the development of:

· Playbooks, designed to enable managers and leaders to take action based on specific scenarios and situations;
· Pulse Survey Analysis reports, which analyze and interpret the research data from i4cp’s 50+ annual studies;
· Highlight Reports, which take an in-depth look at each of i4cp’s 58 topics of expertise and provide research, corporate examples, scenario planning and more.

Sartain, who was a keynote speaker at i4cp’s 2009 Annual Conference, will also be available through i4cp membership to business leaders seeking input and/or advice on specific projects their companies are facing.

[SNIP]

Sartain is the author of HR from the Heart: Inspiring Stories and Strategies for Building the People Side of Great Business (AMACOM) and Brand from the Inside: Eight Essentials to Connect Your Employees to Your Business (Jossey-Bass), as well as the recently released Brand for Talent: Eight Essentials to Make Your Talent as Famous as Your Brand (Jossey-Bass).

For full disclosure, Libby is an adviser to ReputationDefender. I have recently posted a guest post on her blog, Brand for Talent, that examines how search engines are impacting job searches in the digital era.

ReputationDefender congratulates Libby on her new leadership position and is grateful for the insight she has lent to this firm over the years.


Find Your Personal Info on the Web…or the Personal Info of a Supreme Court Justice

Maintaining one’s privacy in the Internet age is no easy task. Thanks to the ever-evolving efficiency of search engines like Google, it takes literally five minutes for a web searcher to discover phone numbers, home addresses, tax statements, personal pictures, and more. Just imagine what would happen if a class full of sharp-eyed law students were the ones doing the searching. Oh wait, now we don’t have to imagine!

At the behest of their professor, Mr. Joel R. Reidenberg, a class of Fordham University Law School students recently scoured the Internet for the personal information of Supreme Court Justice Antonin Scalia. The project, which was conceived by Reidenberg “to illustrate law and policy issues associated with readily available information, contextual use, social norms and the scope of legal protection,” seems to have upset the notoriously grumpy Justice.

In an article for the legal tabloid, Above The Law, Justice Scalia states that, “It is not a rare phenomenon that what is legal may also be quite irresponsible. That appears in the First Amendment context all the time. What can be said often should not be said. Prof. Reidenberg’s exercise is an example of perfectly legal, abominably poor judgment. Since he was not teaching a course in judgment, I presume he felt no responsibility to display any.”

Whether or not you believe Professor Reidenberg was wrong to give his class this assignment, the greater point to take away from this story is that the Internet has made keeping your personal information private very difficult. Although most people are probably not public figures like Justice Scalia, it is still important that they take proactive steps to protect their privacy online.


Most (almost all!) of Email is Spam

The cynic in me wonders why we are surprised at yesterday’s report, covered here in the New York Times, that 94% of all email passed through the Internet is spam. After all, aren’t we all confronted with inboxes bloated with email that’s clearly unwanted? Here’s a snapshot of my junk folder in an email account that I use exclusively for “trapping” and analyzing spam:

[Image: Owen Spam Screen Shot]

You’ll notice that I have managed to train the folder to exclude most pernicious types (porn, ED pills, etc.) of emails, but there’s still a glut of permission-based marketing emails in there. This means that somehow, somewhere along the way, I have granted that advertiser (or one of their affiliates) permission to contact me — probably without my really knowing it.

Here at Rep Def I work with our MyPrivacy team on the best way to unravel these permissions and make sure that the user has *true power* to control the way he or she is contacted.  I’ll try to come back here today to post some of the best tips for proactively limiting these types of emails.

We’ve already made huge strides on the problem of telephone privacy, and more recently started to address unwanted direct mail.  I’ll bet on our crew to figure out email, too.


How to be an affiliate marketer … and make money!

One of the key ways companies like ours drive traffic (i.e., potential customers) into our website is by using affiliate marketers – basically other website owners who will market reputation and privacy products on our behalf.  Here’s how it works in our case:

Step 1: These website owners (“Affiliates” as they are called) sign up for the ReputationDefender affiliate program (takes but a couple of minutes) and then we review them to make sure they are good people who operate ethical websites.

Step 2: They tell their website users to go to ReputationDefender.com and our associated web sites (like the Global Do Not Call List) by using easy-to-setup web banners or text links that we supply to them on the affiliate website.

Step 3: They sit back and watch the money flow in.  Seriously it’s that easy – we record the transactions and then pay out according to what types of plans the user chooses.

I wanted to write about this today because I think it’s a dead-simple way to make a lot of money selling in-demand products on the web.  Yesterday I signed a check for $5000 for one week of an individual affiliate’s work.  No joke.

So if you have a website and would like to make money by joining our network, sign up as an affiliate today. And if you found this post interesting, drop me a note and I’ll blog again with more advanced tips for your website.

We look forward to working with you!
