Reported in The Hacker News, the passwords and login credentials for a London railway station were posted on the top of a computer monitor and broadcast on a BBC TV documentary. Company security policies should include never displaying your credentials where they might be viewed by unauthorized personnel… or TV cameras!
The Weakest Link In the Information Security Chain is still – Humans.
And this news has ability to prove this fact right.
One of London’s busiest railway stations has unwittingly exposed their system credentials during a BBC documentary. The sensitive credentials printed and attached to the top of a station controller’s monitor were aired on Wednesday night on BBC.
What could be even worse?
If you think that the credentials might have been shown off in the documentary for a short while or just some seconds, then you are still unaware of the limit of their stupidity.
The login credentials were visible for about 44 minute in the BBC documentary “Nick and Margaret: The Trouble with Our Trains” on Wednesday night, which featured Nick Hewer and Margaret Mountford – the two business experts, both famous for their supporting role on The Apprentice.
The documentary was available on the YouTube, but has now been removed due to security concerns.
While talking about the concerns of the British railway network, the duo walked into London Waterloo’s control room where these sensitive credentials were seen stuck to a monitor of a system.
A screenshot of the offending monitor with the machine-produced login was captured and shown above. The screenshot points to a particular workstation signaller’s control desk seems to be running a type of software that controls signals and trains over the final approach to Waterloo station.
…
Okay, now let’s come to another security concern. What would you expect next?
“Password3” Isn’t this great password?
I mean, at least keep a strong password that take some time to guess and crack. Password3 could be in the list of top ten weakest passwords.
The incident occurred few days after the news came that the computer systems controlling the railway signalling system in the United Kingdom could potentially be hacked by cyber criminals to cause oncoming trains to crash into one another at highest speeds.
However, this security blunder of revealing passwords mistakenly in an interview, video or news channel is not new at all.
Last year, the World Cup security centre’s internal Wi-Fi passwords for the FIFA World Cup 2014were broadcast live. Also, French TV network TV5Monde failed to keep its passwords secret and revealed a collection of the TV station’s usernames and passwords live on TV.