No compromise?
Ferguson writes. "This has the net effect of making it look like, in this example, servers belonging to Twitter were compromised when in reality that was not the case."
Well, I guess that might technically be the case, but instead anyone using Twitter during that time had their account credentials compromised. There are millions of Twitter desktop clients using basic authentication and thousands of API users doing automated things during the night that were most likely compromised.
This was a huge breach and whether Twitter itself was compromised the net effect is actually the same to a user using a logged in account.
Biting the hand that feeds IT
