A substantial security breach at Google Apps was reported yesterday by TechCrunch and confirmed by Twitter: hundreds of confidential corporate documents of Twitter and Twitter employees had been stolen by a hacker who gained access to a Google Apps account of one of Twitter employees.
These documents “range from executive meeting notes, partner agreements and financial projections to the meal preferences, calendars and phone logs of various Twitter employees… Some documents show floorplans and security passcodes to get into the Twitter offices.”
Although Twitter says that “this attack had nothing to do with any vulnerability in Google Apps”, it had everything to do with it. The attacker simply guessed the answer to a security question that resulted in a new password that enabled him/her to log into the breached email account, with access to all corporate documents. Compare this set-up with what we have at ThreeTags: there is simply no mechanism to change user password without logging into a ThreeTags account with a valid old password. And even if somebody hacks our servers and forces new passwords on user accounts, or outright steals user data, this will not in any way compromise the data, as it is encrypted and cannot be decrypted without knowing the original password.
So rest assured that your data is secure with us.
![[tags]](http://www.threetags.com/res-11/tag_blue_3.png)