The mailbox contained (note the past tense) about 900 mails detailing the show’s running order, schedules, plans, contestant details and much more. These mails have now all been deleted and the tone of the article and the concern from Dragon TV certainly seem to suggest that there may not have been a backup in place.
As well as the show and contestant details, the biggest loss to Dragon TV is the production manual for the series, purchased from FremantleMedia. This document is reportedly worth around US$400,000. Show organisers are extremely worried that this information may have been stolen and will appear posted on public websites. They have asked domestic websites to delete the data should it appear; personally, I doubt the effectiveness of such a strategy.
For me the most shocking quote from the article is:
“The mailbox was for the use of the Dragon TV’s internal employees only so it had simple passwords for easy communication.”
So, an internet-facing, shared mailbox containing highly confidential information with simple passwords? Normally at this point in a blog article I suppose I would begin to point out things that could have been done to limit the possibilities of such an event. It seems almost too incredible that the aforementioned combination of circumstances should even occur, but here you go…
If information is sensitive, do not allow access to it from the internet.
If information is sensitive, do not store it in a shared mailbox; it is impossible to audit effectively.
Never use simple passwords, for any reason, ever.
If you have a document worth almost half a million dollars… Encrypt it.