The Shanghai Daily today reports that “the internet mailbox” belonging to the official show “China’s Got Talent” (yes, that nonsense gets everywhere) has been compromised.
 

Photo from Julien Lozelli's photostream on Flickr - Creative Commons



 
The mailbox contained (note the past tense) about 900 mails detailing the show’s running order, schedules, plans, contestant details and much more. These mails have now all been deleted and the tone of the article and the concern from Dragon TV certainly seem to suggest that there may not have been a backup in place.
 
As well as the show and contestant details, the biggest loss to Dragon TV is the production manual for the series, purchased from FremantleMedia. This document is reportedly worth around US$400,000. Show organisers are extremely worried that this information may have been stolen and will appear posted on public websites. They have requested that domestic websites delete the data should it appear; personally, I doubt the effectiveness of such a strategy.
 
For me the most shocking quote from the article is:

“The mailbox was for the use of the Dragon TV’s internal employees only so it had simple passwords for easy communication.”

So, an internet-facing, shared mailbox containing highly confidential information with simple passwords? Normally at this point in a blog article I suppose I would begin to point out things that could have been done to limit the possibilities of such an event. It seems almost too incredible that the aforementioned combination of circumstances should even occur, but here you go…
 
If information is sensitive, do not allow access to it from the internet.
 
If information is sensitive, do not store it in a shared mailbox; it is impossible to audit effectively.
 
Never use simple passwords, for any reason, ever.
 
If you have a document worth almost half a million dollars… Encrypt it.

This entry was posted on Thursday, 20. May 2010 and is filed under "data leakage, data protection, Hacking, Opinion".

2 Comments to "China’s got Talent, but no email."

Tweets that mention China’s got Talent, but no email. » CounterMeasures -- Topsy.com:
Thursday, 20. May 2010 at 9:59 am

[...] This post was mentioned on Twitter by Rik Ferguson, Jovi Umawing, Declan Waters, Fundamentals, Romain and others. Romain said: RT @rik_ferguson: New blog – China's got Talent but no email – http://bit.ly/cJrDqq (Mailbox hacked) [...]

Jordy:
Thursday, 20. May 2010 at 6:29 pm

Sounds like your a-typical ID-10-T error. ;-)




© Copyright 2010 Trend Micro Inc. All rights reserved.