Prince William photos accidentally reveal RAF password

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

When Prince William’s official website released a series of photographs yesterday of a day in his life as an RAF search and rescue helicopter pilot, they probably didn’t imagine that the PR initiative would end up ringing security alarm bells.

As The Guardian reports, some of the photographs had sensitive information in the background.

Making matters worse, the images had already been shared widely with the world’s press.

It only took us a few minutes this morning to find the original images on the internet.

Sign up to our free newsletter.
Security news, advice, and tips.

Revealing photograph

This is one of the original images that we found on the net. Can you spot the username and password?

Here’s a closer look.

Password

The revealing information in this photograph is pinned to the wall.

I havve obscured the username and password in the close-up above, but it has to be said that when I zoomed in further I was disappointed to discover that the password was extremely obvious, easy to guess and – frankly – a diabolical choice.

The original pictures have obviously been widely distributed, and the cat has to be considered out of the bag. The only sensible course of action is for the authorities to change the passwords to something much stronger, ensure that stronger unique passwords are used in future, and to take greater care about vetting photographs before publication in future.

As we have explained before, if you are being photographed or filmed at your place of work, it may be sensible to remove any passwords which could appear in the background.

The Ministry of Defence confirmed to the press that four images of the 30-year-old William (known as Flight Lieutenant Wales at the RAF base on Anglesey) had been replaced on the website with amended versions, obscuring potentially sensitive information. Passwords have also been reset as a precautionary measure.

Here’s the new official doctored version of the photograph, with the login information removed courtesy of Photoshop:

Doctored photograph. Click for larger version

Has any harm been done on this occasion? Probably not. But the story is getting lots of attention simply because of Prince William’s involvement.

If anything, some good may come of this. Maybe more people will be wary of what could be in the background when they get photographed or filmed in future.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.