How many basic IT security errors can you make in quick succession?
It seems that Labour leader contender Owen Smith’s team are trying to topple the record, if there is indeed a record to break.
It’s bad enough having an easy-to-guess username… It’s bad enough making your password one easy-to-guess word… It’s bad enough writing down said username and password onto a whiteboard during your presentation…
But taking a photo of all of that sensitive information and posting it onto your public social media channels? There are poor security habits… and then there is just lack of fundamental common sense.
In what can only be described as a catastrophic string of IT security errors, this is exactly what just happened to Owen Smith and his team as they inadvertently post their [poor] password and username for their Quvu account online for all to see, as you can see from the photo they posted below.
Not only that, but they also included the ClientID and even the login URL(!!), meaning all the information for easiest “hack” is right there, in front of anyone with the ability to, well, read.
For those that don’t know, and we imagine that may be most of you, Quvu is an analytics program for call centres so management can retrieve statistics on the progress of their calling machines and operators, as well as listen into active calls and a whole host of other features. The password (we checked, it’s been changed) is Survation, the name of a popular polling company. So no prizes for guessing what this meeting in the photograph is probably about.
Sponsored Content. Continued below...
And if that account information posted right there on the whiteboard had any kind of admin privileges, there is no guessing what kind of havoc pranksters or criminals could have caused if they managed to log into the account. Not to mention privacy concerns.
So, the moral of this post…
Don’t use an easy-to-guess username.
Use a strong password, long, and CERTAINLY NOT one single word (TechExplained.net’s password guide is right here)
Oh, and don’t post the username, password, client ID and URL onto the Internet for all to see.
For further reading, check out the absolute worst passwords of 2015 here.
Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)
Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)
