Cripes! 7 News Australia seems to be a few stubbies short of a six-pack, judging by what Twitter user Lee Meadows spotted on TV.
During a broadcast interview conducted via a Zoom video chat, the cameraman no doubt imagined he or she was getting a terrific angle pointing over the reporter’s shoulder.
Unfortunately, however, the view didn’t just show the interviewee on the screen – but also a monitor festooned with stuck-on login credentials.
Zooming in on the picture it’s possible to see what appears to be a number of user IDs and passwords, including details for what appears to be the Canberra news team’s Gmail account and a Zoom account.
(I won’t zoom in on the photograph here, but trust me… it’s bad)
So, repeat after me: Sticking passwords onto a computer screen is not a great idea. Then broadcasting those passwords on a TV news report is even worse.
Thankfully, judging by a different tweet, the TV station appears to have enabled two-factor authentication on its Gmail account at the very least. That means that even though its password should be considered compromised, any wannabe hackers have an additional hurdle to overcome before accessing the account.
Eagle-eyed Lee Meadows informed 7 News Australia via Twitter about the potential breach five days ago, but they haven’t publicly replied to him as far as I can see. Hopefully they have taken action to change the passwords by now.
And perhaps made them stronger at the same time. I certainly hope so, as some of the passwords stuck on that screen are frankly as secure as a soggy tissue. Really, what’s the point of a password at all if it’s going to be the same as your user ID?
Oh, and before anyone starts to feel too smug about the faux-pas down under, it’s worth recognising that this is happened to other TV stations in the past and will no doubt happen to more in the future. Isn’t that right Sky News, BBC, CBS, and – most catastrophically of all – TV 5 Monde?
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.