In a post from co-founder Biz Stone, the company counsels users that, with the exception of a single account, none of their personal information seems to have been exposed as a result of the hack. But before establishing that, Stone goes out of his way to explain that Twitter’s security problems are Twitter’s security problems, not cloud computing’s security problems or Google’s (GOOG) security problems.

This attack had nothing to do with any vulnerability in Google Apps which we continue to use. This is more about Twitter being in enough of a spotlight that folks who work here can become targets. In fact, around the same time, Evan’s wife’s personal email was hacked and from there, the hacker was able to gain access to some of Evan’s personal accounts such as Amazon and PayPal but not email. This isn’t about any flaw in web apps, it speaks to the importance of following good personal security guidelines such as choosing strong passwords.

That last line seems directed at the likes of analysts like yours truly, who suggested this morning that the hack would raise concerns about the security of services that place work data on shared servers accessed via the Web. (Though the Twitter guys did seem to like my underwear-drawer metaphor. Cool!)

Stone then goes on to rattle a sword, gently but pointedly, at Web sites that have published stuff pilfered by the hacker.

We are in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents. We’re not sure yet exactly what the implications are for folks who choose to get involved at this point but when we learn more and are able to share more, we will.

Note that while it’s easy enough to find this stuff on the Web, only a handful of mainstream Web sites, including TechCrunch, Gawker and Silicon Alley Insider, have published it, and most of what they have published is banal. I’ve asked all three sites for a response to Twitter’s response.

In the meantime, TechCrunch’s Mike Arrington, who has promised to publish more, announces in a new post that he is in the midst of “negotiations” with Twitter’s lawyers about his plans. Happy to hear from a First Amendment specialist, but I don’t think Twitter has a case against Web publishers here; the issue is an ethical one, not a legal one.

UPDATE: Here’s Gawker Editor-in-Chief Gabriel Snyder’s “bring it on” retort:

It’s hilarious to see Twitter, which has become a conduit for real-time, unauthorized information from places like the New York Times’ internal meetings, now get prissy about corporate privacy. Ev Williams seems to have learned a lot about the mores of the institutional elite during his stay in Sun Valley. As for Twitter coming after us for publishing the docs, the only thing I’m upset about is that the leaker didn’t come to us with them first.

Now Twitter, which has suffered multiple security breaches in the past, has been punctured again. Someone has gotten into the personal Web services accounts of co-founder Evan Williams, his wife and at least one other Twitter employee, and used that access to make off with a pile of confidential company documents. He’s now distributing them on the Web, and TechCrunch promises to publish many of them.

The media ethics colloquy is well underway and will go on for a while (Boomtown’s Kara Swisher is holding her session, appropriately enough, via Twitter). Beyond that, I’m pretty sure Twitter is going to be okay when this dies down.

Based on Williams’s description of the attack (see the bottom of this post), as well as both TechCrunch’s and the hacker’s descriptions of what got pilfered, this looks roughly akin to having your underwear drawer rifled: Embarrassing, but no one’s really going to be surprised about what’s in there.

The hack certainly will be worrisome for people who are using, or thinking about using, any kind of “cloud computing,” whereby work data/documents are stored on servers accessed via the Web. Google (GOOG) in particular is going to get some scrutiny, both because it’s Google and because it appears that a lot of this stuff was stolen after the hacker used Google’s “password recovery” system to root around. UPDATE: Twitter is now going out of its way to say that the attack isn’t Google’s fault, but Twitter’s fault for using passwords that are easy to guess.

Albert Wenger, a partner at Twitter investor Union Square Ventures, says in a post that his shop is currently considering moving its systems to Gmail and Google Docs, but notes the big problem: “The threat of access by a third party increases exponentially with the move to the cloud, because the machines that now contain the documents and the links to those documents (as sent by email) are accessible to the Internet at large.”

But cloud computing isn’t going away, so someone’s going to need to figure out how to make security better, yet still practical. There’s a reason no one follows the standard advice about having a different, impossible-to-remember password for every account you have. Wenger takes a stab at it in post–he suggests something tethered to a mobile phone. But whoever figures it out is going to have a lot of fans.

Williams’s description of the hack, via TechCrunch:

Yes, we did suffer an attack a few weeks ago and are familiar with this list of stuff. This is unrelated to the hack of twitter where someone gained access to user’s accounts. This had nothing to do with the security of twitter.com, and there were no user accounts compromised here.

Some notes:

- He did not actually gain access to my @ev Twitter account (or any Twitter accounts) nor any administrative functions of the site.
- There is also no evidence that he gained access to my email. There was one administrative employee who’s email was compromised, as was my wife’s Gmail account, which is where he got access to some of my credit cards and other information.
- He also successfully targeted a couple other employees personal accounts (Amazon, AT&T, Paypal…)

In general, most of the sensitive information was personal rather than company-related. Obviously, this was highly distressing to myself, my wife, and other Twitter employees who were attacked. It was a good lesson for us that we are being targeted because we work for Twitter. We have taken extra steps to increase our security, but we know we can never be entirely comfortable with what we share via email.

[Image credit: Wikimedia Commons]

But there are still investors willing to place some bets, even on the most nascent companies. Via the angel-investing program he’s running for the Founders Fund,
Dave McClure is one of those guys.

Founders is a VC fund run by Valley bigshots like Peter Thiel, most of whom made a lot of money when they sold PayPal to eBay (EBAY) many moons ago. Last year, they brought on McClure to handle smaller investments than they would normally make.

Founders Fund, which already owns a piece of Facebook, has already made bets on the burgeoning Facebook app ecosystem via the “fbFund,” so McClure is particularly interested in those types of companies. Which explains why I found him at the Facebook “Developer Garage”–a Facebook-sponsored mini-convention held on the outskirts of SXSW.

But McClure chatted with me about non-Facebook investments as well, and why it’s easier to find interesting deals now that he isn’t competing with amateur angels who made their money at Google (GOOG) and Yahoo (YHOO).

Bonus footage: Want to see what I look liked during this interview? I don’t recommend it, because grooming standards got a little relaxed over the weekend. But for diehards, here’s a (sped-up) version of our chat, from a different angle, via The Interwebs, which filmed me filming McClure. Down the rabbit hole we go:

This is all about expectations: In any other setting those numbers would be a calamity. But given that online sales for the rest of November have been lower than the previous year, this constitutes good news for the likes of Amazon (AMZN).

Thursday’s numbers were even better: Thanksgiving day sales increased six percent over the previous year (click image to enlarge).

But two days of data aren’t enough to make comScore (SCOR) or anyone else rethink their overall predictions for the holiday season, which remain dour. ComScore thinks overall sales will be flat.

Separately, eBay’s (EBAY) PayPal reported that transaction volume on Friday increased 34 percent over the previous year and that overall sales increased 26 percent. PayPal claims that its numbers represent 12 percent of U.S. e-commerce, but I don’t think those numbers will be nearly as heartening for most big retailers, which aren’t depending on the online payment service.