Report: Hacker broke into Twitter e-mail with help from Hotmail

20.07.2009

"Hacker Croll then used the same password to access the employee's Twitter email on Google Apps, getting access to a gold mine of sensitive company information from emails and, particularly, e-mail attachments," wrote Cubrilovic. Included in that gold mine were the usernames and passwords of other Twitter employees, which Hacker Croll used to break into the work e-mail accounts of Williams and Stone, among others.

According to Cubrilovic, the one-password-for-all-sites habit of the hacked employee was not uncommon at Twitter. "Most/all Twitter employees used the same password for their Google Apps e-mail (the Twitter e-mail account) as [they] did with [their] personal Gmail account," he said.

Last week, Masiello urged users to create stronger passwords -- a blend of alphanumeric and special characters, such as "#" and "&," for instance -- and use different passwords for each service or site. But he wasn't optimistic that his advice would hit home. "I think it's going to take a lot more than this incident to convince people," he said. "It just goes to show that even though we've been talking about strong and multiple passwords for years, people still haven't caught on."

Twitter has threatened legal action against the sites, including TechCrunch, that have published the stolen documents, but it was hard to predict whether it would succeed.