Jonathan Ross email goof highlights Twitter security issue

Filed Under: Data loss, Social networks, Twitter, Video

Jonathan Ross
Britain's highest paid television personality, Jonathan Ross, has accidentally revealed his personal email address on Twitter.

In doing so, he underlines a problem that has been worrying me about Twitter for some time.

Ross, who is a huge fan of the micro-blogging website and has over a quarter of a million fans following his minute-by-minute Twitter updates, has alongside fellow Twitter devotee Stephen Fry helped to raise awareness of the site in the UK, and encouraged rapid take-up by talking about the service on his TV and radio shows.

In a slip of the fingers which is all too easy to make on Twitter, Ross accidentally posted his full email address - presumably intending it just to be sent in a private direct message to a single individual.

You can picture him now crying out "Arrrgghhhh", as he realised he had just pressed send...

Jonathan Ross reveals personal email address

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Why is it a bad thing to post your email address on Twitter?

Well, obviously it can be scooped up by spammers who might bombard you with unwanted adverts about Viagra and cheap mortgages (although on Ross's £18 million contract he probably doesn't need the latter).

But it may also mean, with over 260,000 fervent fans, that he may get bombarded with so many emails requesting that he send them a signed photo, open the local garden fete, or simply pass on the mobile numbers of his many celeb buddies that his email inbox effectively bursts apart at the seams.

And identity thieves and fraudsters who want to spirit away some of Ross's millions might be tempted to forge emails, designed to trick him into opening attachments or clicking on dangerous links, and send them directly to his MobileMe address. (Ross has already revealed on Twitter that he is a life-long Apple fan by the way - so, fortunately for him, most malware won't be able to infect his computer).

Furthermore, internet lowlives could send emails pretending to be Ross. You can probably imagine the nuisance and confusion that that could cause - not just for the TV star but for his friends, family, and his business contacts.

Fortunately for Ross, he had plenty of fans who were quick to warn him of his faux pas:

Jonathan Ross's fans warn him that he posted his email address

Ross responded quickly by deleting the message from his Twitter timeline, but.. and this is the real problem.. when you "delete" a post on Twitter it's never really deleted.

I don't follow Ross, and by the time I looked for his accidental tweet he had already "deleted" it. However, a quick hunt using Twitter's Advanced search facility found it in a matter of seconds, and so I was able to make a screenshot. (I blurred his email address for privacy purposes, but it's still easy to find).

The question is this: Why doesn't Twitter really delete messages on Twitter when you ask it to? At the moment it deletes it from your stream, but searching can still find it.

This is a serious security problem. People will always accidentally type something they didn't mean to, or include the wrong link - why shouldn't they be able to properly delete the message from all of Twitter?

Accidents will always happen - but Twitter could be much more responsible about helping users clear up the mess afterwards.

For now, my best advice to Ross is to change his email address as soon as possible.

, , ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.