Klaus Zimmermann's Corner

Irresponsibility with data that you shouldn't even have in the first place

Another day, another data breach: personal information for 5.4 million Twitter accounts exposed and offered for sale at hacker forums.

This is a read that only gets better as it goes. The quoted comment in the article hits the nail on the head: Twitter requests information from users that is not necessary for operations (like a phone number) and then handles it carelessly. And then that information - unnecessary but highly personal and potentially correlating - surfaces elsewhere to bite back at users while Twitter plays the clueless "what could I have done" card.

Schneier himself has stated previously that "data is a toxic asset, so why not throw it out?" which is the plainest truth around, and yet it takes more and more cases like this to make the world see what's really abuse by a corporation.

I personally don't have skin in this game, for I have never used Twitter, but opted for free software and distributed networks instead. For the millions of other (sometimes anonymous or pseudonymous) users, however, Twitter's solace is embarrassingly canned (emphasis mine):

If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened. To keep your identity as veiled as possible, we recommend not adding a publicly known phone number or email address to your Twitter account.

Good job, Twitter! :facepalm: