How many basic IT security errors can you make in quick succession?
It seems that Labour leader contender Owen Smith’s team are trying to topple the record, if there is indeed a record to break.
It’s bad enough having an easy-to-guess username… It’s bad enough making your password one easy-to-guess word… It’s bad enough writing down said username and password onto a whiteboard during your presentation…
But taking a photo of all of that sensitive information and posting it onto your public social media channels? There are poor security habits… and then there is just lack of fundamental common sense.
In what can only be described as a catastrophic string of IT security errors, this is exactly what just happened to Owen Smith and his team as they inadvertently post their [poor] password and username for their Quvu account online for all to see, as you can see from the photo they posted below.
Not only that, but they also included the ClientID and even the login URL(!!), meaning all the information for easiest “hack” is right there, in front of anyone with the ability to, well, read.
For those that don’t know, and we imagine that may be most of you, Quvu is an analytics program for call centres so management can retrieve statistics on the progress of their calling machines and operators, as well as listen into active calls and a whole host of other features. The password (we checked, it’s been changed) is Survation, the name of a popular polling company. So no prizes for guessing what this meeting in the photograph is probably about.
Sponsored Content. Continued below...
And if that account information posted right there on the whiteboard had any kind of admin privileges, there is no guessing what kind of havoc pranksters or criminals could have caused if they managed to log into the account. Not to mention privacy concerns.
So, the moral of this post…
Don’t use an easy-to-guess username.
Use a strong password, long, and CERTAINLY NOT one single word (TechExplained.net’s password guide is right here)
Oh, and don’t post the username, password, client ID and URL onto the Internet for all to see.
For further reading, check out the absolute worst passwords of 2015 here.