The True Story Behind The Twitter Earnings Leak
1 May 2015
By Darrell Heaps
Following Twitter?s earnings leak this week there has been a huge amount of speculation about what happened. Numerous media outlets and blogs speculated?(and others)?that it was a URL sniffing bot that guessed the filename of the earnings release.
It?s not surprising that they went this route, because this has happened before (4 in 2011). Yes, there have been URL sniffing breaches before. Yes, there are bots out on the web guessing URLs and trying to download documents. However, any reputable IR website vendor protects against this, including NASDAQ.
The truth is that this was not URL sniffing, this was human error. According to NASDAQ?s statement:
“Yesterday at 3:07 pm EDT, Shareholder.com inadvertently posted Twitter’s (TWTR) earnings release prematurely on its investor relations website. The posting was caused by an operational issue that exposed the release on Twitter’s IR website for approximately 45 seconds. During those seconds the site was scraped by a third party that publicly disseminated the earnings information….”
It was simply that someone posted the PDF 1 hour early ?by mistake. (at 3:07pm and 57 seconds exactly). The person quickly realized the mistake and pulled the document down within 45 seconds. My guess is they thought they moved quickly enough?.but no.
What happened next was incredible?
And then instantly…
Within seconds of the PDF and link to it being posted, a website scraping bot, (which was deployed by a firm named Selerity and designed to watch the site) saw the new link, followed it to the PDF, downloaded the document, parsed the data and started tweeting the earnings. You can see from the chart above, the reaction on the stock was instant.
In today?s world, with 80% of Institutional Investors using social media the news spread instantly across the market and investors started selling. The reaction was immediate, as soon as the first Tweet hit.
UPDATE:?The first Selerity tweet went out at 3:07 and 57secs. Selling of Twitter started at 3:08. It took less than 3 seconds for trading bots to read the tweet and start selling. That is how fast things move these days.
Ahead of the earnings release, Selerity analysts reviewed the site for the locations most likely to be used for publication of the release based on where prior releases were published. The one where the early document was published was found this way:
1) Start from Twitter’s investor relations website: [https://investor.twitterinc.com/]
2) Follow the link for “Quarterly results” under “Financial information” in the left side bar. That takes you here: [https://investor.twitterinc.com/results.cfm]
3) Select “First Quarter” and “2015” from the drop-down filter at the top of the page. That takes you here: [https://investor.twitterinc.com/results.cfm?Quarter=1&Year=2015]
That URL was then handed off to the dev team which configured our web monitor to poll that URL and look for the earnings release as a link.
On Tuesday afternoon the system polled that page [https://investor.twitterinc.com/results.cfm?Quarter=1&Year=2015] periodically until at around 3:07:56 EDT it found a new link.
That new link was to a PDF document with the earnings press release. The system downloaded the press release and verified that it matched the patterns of a valid Twitter earnings release. Then it parsed out the financial data and published it to our clients and to Twitter.
The key thing to understand here is that Selerity didn?t hack or do anything crazy to get this information. If you (a human) were looking at the Twitter IR website during those 45 seconds you would have seen the link to their earnings too.
In today?s world, 45 seconds is plenty for the information to be discover and distributed to the entire market. The speed of Twitter is mind blowing.
Some recent IR industry posts following the incident took the position that if a newswire had been used to disseminate the news this wouldn?t have happened (because Twitter doesn?t use a newswire). However, in reality using just a wire to release earnings material is no longer best practice. Most companies provide supplemental information during earnings on their website, such as PDFs of the release, investor presentations, financial models, etc. Most companies use the wire but they also post this material to their websites. In each of these cases, documents are staged, and then published once the earnings have been released. Whether Twitter used a wire or not, it wouldn?t have mattered.
So, the key take aways from the Twitter leak are:
Bots are everywhere and they will find your mistake and publish it on Twitter.
Your Investors are using Twitter and will react instantly. 80% investors now using social.
Documents on IR websites have to be secure, this is table stakes for IR website vendors. Although this isn?t what happened to Twitter.
Disclosure controls and procedures both at your IR website vendor and within your own company are paramount in making sure sensitive information is handled correctly. This is what happened to Twitter.
There is no silver bullet. Web technology such as bots, sniffers, Twitter, etc. are all evolving quickly. You need to understand these changes and evolve how your firm and your partners handle sensitive information. This is a moving target.
When something like Twitter?s leak happens it brings a great deal of security to the entire IR website industry. This is not just about one vendor (I can attest to this by how many calls from clients we received moments after this occurred). This is about how the web has changed, how fast information travels today and what technology vendors and companies are doing to address it.
All of us in the IR website market need to be constantly improving our technology, our processes and protocols. IR websites are a critical component to the capital markets, more so today than ever. The days of ?it?s just a website, it?s fine? are very far behind us.
I’ve had conversations recently with two people that had the view “IR websites are a commodity“. To those who feel that way, I advise to look deeper at what happened with Twitter. Yes, basic websites are commoditized, but IR websites are an entirely different animal, and the differences among vendors is vast when you look under the hood. These differences are critical to the protection of public company information and share value. Underestimating the difference is a big mistake.
I?m not cheering about what happened with Twitter or NASDAQ, in fact I feel the opposite. But it has brought a spotlight to how integral and important investor websites are to the market, and how critical both technology and operations are, and that I think, is a good thing.
Where we go from here is up to all of us.
Happy Friday everyone!