TV5Monde makes new security blunders in wake of hack
Last week’s hack attack against TV5Monde resulted in the compromise of its website, social media accounts, the outage of its email server, and a temporary program suspension of 11 of its TV stations. The website and the company’s Facebook account were defaced by the alleged perpetrators, the CyberCaliphate hacking group, showing suport for IS.
As the network struggles to recover and improve security measures, and as the investigation into how the attackers managed to pull this off continues, A
an interview aired just a day after the attack demonstrated how easy it sometimes can be for attackers to get a hold on passwords needed to hijack online accounts.
The interview was aired by French news program 13 Heures. The interviewee, TV5Monde reporter David Delos, was sitting in front one of the network’s staffers’ desk, and on the wall behing him, notes containing usernames and passwords for TV5Monde’s Twitter, Instagram and YouTube accounts, were visible.
The latter was discernible:
Well, the TV5Monde YouTube channel password was “lemotdepassedeyoutube”
In English “thepasswordofyoutube”
— pent0thal (@pent0thal) April 9, 2015
And a later TV segment revealed another username/password combination that belongs to one of TV5Monde’s employees:
Another password spotted in the wild… pic.twitter.com/9RvVTr6FOn
— pent0thal (@pent0thal) April 9, 2015
This blunder happened after the attack, and it seems that this information hasn’t been used to target the network’s accounts again (hopefully they’ve changed these particular passwords soon after), but it just goes to show how easy it is to make mistakes that can have serious repercussions.