Twitter Commerce Plans Leak: When Will Businesses Learn About Secure Data Sharing?

Enterprise-level file-sharing solutions would have provided user-level permissioning and document-level security to more tightly control who within the respective companies would be able to view the material.


7 February 2014

Data Security

If you work for a company in the public eye, chances are that one of the last things you want is for your secret corporate plans to become public.

But that's exactly what has happened to Twitter, which seems close to finalizing a deal with a payment service company to provide the behind-the-scenes infrastructure to allow purchases to be made directly via tweets.

Twitter’s Corporate Plans Exposed

Information about Twitter's latest play for monetization fell into the hands of Re/code, after its journalists went digging around the publicly accessible directories of Fancy.com, whose board includes Twitter co-founder Jack Dorsey.

Re/code discovered the documents on the open Web through a public section of Fancy.com’s website that was not password protected. The images have not been verified by Twitter or Fancy. A source with direct knowledge of Twitter’s commerce plans said that the documents were mockups created by Fancy.com, which presented Twitter with a version of what its Commerce product could look like. Twitter is also in discussion with other similar partner sites regarding its Commerce plans, according to this person.

A Twitter spokesman declined to comment. A Fancy spokesperson was not immediately reachable.

How Businesses Should Protect Private Information

It sounds to me that either Twitter or Fancy.com (or perhaps both) weren't taking enough measures to ensure their private discussions and plans weren't seen by unauthorized third parties.

Corporations working on such high-profile partnerships need to remember the importance of keeping secrets... how can I put this... secret. Posting the material on a publicly accessible section of Fancy.com's website without even password-protecting it, and thus making it available to anyone on the internet, is clearly extremely sloppy.

But even if that hadn't happened, enterprise-level file-sharing solutions would have provided user-level permissioning and document-level security to more tightly control who within the respective companies would be able to view the material.

Such solutions can not only give companies visibility into who is accessing their files, and when, but can also prevent recipients from forwarding or saving the information, and can even set "kill-dates" on files that they don't want to linger forever.

Everyone will no doubt be breathing a sigh of relief that it wasn't more sensitive information, like users’ or businesses’ personal or financial data, being shared between the different parties. Still, it's quite embarrassing for Twitter's potential plans to become the gossip of tech news sites and, not to forget, exposing their plans could give their competitors a few ideas.

But the fact that this slip-up occurred at all suggests that some firms may not have privacy and security deeply ingrained in their bones. And if they don't protect their clients’ proposals and data as a matter of course, what hope do they have to stay compliant with the latest geographic regulations and privacy mandates?

We’re living in a world where not everyone scouring your website for corporate secrets is a curious journalist; they could be a potential online criminal or hacktivist instead! The time has come to make secure data sharing the norm.