There's an onslaught of blogs and sites predicting the demise of Twitter after some notable accounts were hacked. Some of the sites speak about the hacker with awe and Twitter with disdain (an epidemic?!). What in the world is wrong with people?
Truth be told, I found some of the messages left by the hacker to be quite humorous. That's not to say I don't hold the hacker accountable, though. He made the decision to run scripts that performed a dictionary attack against a Twitter administrator. After his attack worked, he logged in. After he logged in, he reset other account passwords. After he changed the passwords, he logged in to their accounts. There are full details of the hack at Wired.
The hacker even filmed the crime and left a nice trail to follow.
Twitter isn't an e-commerce program holding your credit card data. Twitter doesn't have your social security information. Twitter doesn't pretend or try to be a universal authentication package. Twitter's intent was never to let this happen. While their approach to security best practices may have been lacking, it's still not their fault that someone out there decided to hack them.
Imagine Twitter was a bank and the hacker was the robber. When the bank robber works to find flaws in the security and eventually cracks the safe, do we blame the bank? No, we don't.
Twitter has responded. Had the hacker notified Twitter of the security breach and had they not corrected it, I would hold them accountable. The hacker had the opportunity to do just that… but didn't.