July 21, 2009
 Twitter - Getting into the Underwear Drawer

Following the Twitter hack last week, Twitter co-founder Biz Stone ended his breach blog post with the famous quote: "... akin to having your underwear drawer rifled: Embarrassing, but no one's really going to be surprised about what's in there."

The hacker has since revealed how the breach occurred, and I must say that the way the underwear drawer was unlocked was not surprising. As the details were exposed we got the Full Monty: inactive accounts on portals that recycle dormant usernames to new users, current accounts still pointing at those old, abandoned accounts, Google hacking (or in this case, social network digging), abuse of password reset mechanisms, passwords reused across multiple accounts, no "separation of duties" for passwords (the same password used for both personal and business accounts), and of course organizational policy, or the lack of it, on (mis)using the cloud.

Gathering the initial information needed for such an attack comes down to two things: the "secret questions" and the "secret Facebook account". When people choose their secret questions (which many systems require as a way of protecting the password recovery process), they do not hesitate to pick questions like "Your childhood hero", "Pet's name" and "Mother's maiden name". The answers to those questions are unlikely to be found anywhere, except on the person's "secret Facebook account". But lo and behold, it turns out that most people don't keep their Facebook pages secret; they share them with the entire Internet population, happily exposing such details as... the pet's name, the childhood hero and, guess what, even the mother's maiden name. The recovery question then guards the account with a fact the attacker can simply look up, which makes it far weaker than the password it is allowed to reset.
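To make that contrast concrete, here is an added example of my own (it is not Imperva's, Twitter's or the attacker's code): a recovery check gated on a secret question, attacked with nothing more than the facts from a public profile, next to a recovery flow that uses a random, single-use, expiring token delivered out of band. The profile data is constructed for the example, and the class and function names are my own.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample profile: the kind of detail the post says people
# publish openly, and exactly what secret questions ask for.
PUBLIC_PROFILE = {
    "pets": ["Fluffy", "Rex"],
    "childhood_hero": "Batman",
    "mothers_maiden_name": "Jones",
    "hometown": "Springfield",
}


def _normalize(answer):
    """Secret-question answers are usually compared case- and
    whitespace-insensitively, which shrinks the guess space further."""
    return "".join(answer.lower().split())


def candidate_answers(profile):
    """Turn every public profile field into a guess for a secret question."""
    out = []
    for value in profile.values():
        out.extend(value if isinstance(value, list) else [value])
    return out


class QuestionRecovery:
    """Weak (hypothetical) flow: recovery is gated on a low-entropy fact
    that is often public. Hashing the stored answer does not help here."""

    def __init__(self, question, answer):
        self.question = question
        self._answer_hash = hashlib.sha256(_normalize(answer).encode()).digest()

    def verify(self, guess):
        digest = hashlib.sha256(_normalize(guess).encode()).digest()
        return hmac.compare_digest(digest, self._answer_hash)


def attack_with_profile(recovery, profile):
    """Try each public fact as the answer; returns (succeeded, attempts_used)."""
    guesses = candidate_answers(profile)
    for attempts, guess in enumerate(guesses, start=1):
        if recovery.verify(guess):
            return True, attempts
    return False, len(guesses)


class TokenRecovery:
    """Hardened (hypothetical) flow: a random single-use token sent out of
    band (e-mail/SMS), stored only as a hash, with an expiry and an
    attempt limit. Nothing the attacker can read on a profile helps."""

    def __init__(self, ttl_seconds=900, max_attempts=5):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self._token_hash = None
        self._expires_at = 0.0
        self._attempts = 0

    def issue(self, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)        # 256 bits of entropy
        self._token_hash = hashlib.sha256(token.encode()).digest()
        self._expires_at = now + self.ttl
        self._attempts = 0
        return token                             # deliver out of band; never store plaintext

    def redeem(self, token, now=None):
        now = time.time() if now is None else now
        if self._token_hash is None or self._attempts >= self.max_attempts:
            return False                         # nothing issued, or locked out
        self._attempts += 1
        if now > self._expires_at:
            self._token_hash = None              # expired tokens are discarded
            return False
        ok = hmac.compare_digest(
            hashlib.sha256(token.encode()).digest(), self._token_hash)
        if ok:
            self._token_hash = None              # single use
        return ok


if __name__ == "__main__":
    weak = QuestionRecovery("Pet's name?", "fluffy")
    print("question flow broken:", attack_with_profile(weak, PUBLIC_PROFILE))
    strong = TokenRecovery(ttl_seconds=60, max_attempts=3)
    tok = strong.issue(now=1000.0)
    print("profile guess against token flow:", strong.redeem("Fluffy", now=1001.0))
    print("real token:", strong.redeem(tok, now=1001.0))
```

The point of the second class is not the hashing (the question flow hashes too) but that the secret is random, delivered to a channel the attacker does not control, usable once, and time-limited. In the 2009 case the weak link was that recovery channels themselves pointed at abandoned, recyclable accounts, so the out-of-band delivery only helps when the destination address is still under the legitimate user's control.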

