IT Security Blog

16 July 2009

What Happened to Responsible Disclosure?


As news of the most recent Twitter breach spread and details of what was compromised started to come forth, the question at the forefront of my mind was "Whatever happened to responsible disclosure?": the practice where you notify the vulnerable party, give them ample time to fix the problem, and, if any information is released publicly, do so only after the vendor has confirmed the problem resolved.

According to the article on TechCrunch that contains data that was stolen, they "spent much of the last 36 hours talking directly to Twitter about the right way to go about doing that" (where that = the right way to go about releasing the data).  Now I was certainly not privy to those discussions, but I personally have a hard time believing that those discussions involved Twitter saying "yes, please post the information, but just leave out the secret sauce bits."  I don't understand what criteria TechCrunch used such that they are now the governing authority over what is and is not confidential, or why they feel they have a right to make that call to begin with.  I am disappointed that a purportedly reputable news organization would feel that they have such privilege.

In a follow-up post TechCrunch attempts to justify their actions by pointing to previous cases where they and another news organization had each taken it upon themselves to post sensitive information.  I guess that means that because there is a precedent for something, it is somehow right?  They also state within this article that they "break big stories."  Obviously, those that break the big stories get the big press, but let's not forget that a certain level of responsibility is expected as well.  Saying that "others do it too" as justification for doing anything is just plain juvenile.

Of course, let's not let the person who leaked the information to TechCrunch off the hook either, as they are certainly culpable as well.  At this point nobody seems to know who that person is (at least not publicly).  This mystery person submitted the information with the expectation that it would get published.  Otherwise, why send it to a news organization to begin with?  They baited the hook and TechCrunch bit down hard.

Whether TechCrunch will end up facing any legal action from Twitter remains to be seen.  Twitter might want to consider at least sending TechCrunch a thank-you note for at least temporarily turning the stink-eye from this whole mess away from themselves, as TechCrunch appears to be getting flamed worse than Twitter, who had the breach to begin with!

Funny how things work sometimes :)
Posted by smasiello at 9:45 PM
