Categories: Breaking NewsCyber CrimeHacking

Tv5Monde revealed his own passwords in an interview

A TV5Monde staffer accidentally revealed a password used to access the social media account of the broadcaster in an interview.

Following the successful attack against the network of the TV French Channel TV5Monde, law enforcement and French Intelligence started to investigate the attach chain.

Investigators speculate that one of the possible way hackers obtained credentials for systems at TV French Channel TV5Monde is the view of an interview that accidentally revealed the precious information.

While a TV5Monde reporter was filming David Delos in front of a staffer’s desk, it was visible in the background a paper reporting a list of usernames and passwords.

“In an interview with French news program 13 Heures, TV5Monde reporter David Delos unwittingly revealed at least one password for the station’s social media presence. That’s because he was filmed in front of a staffer’s desk—which was smothered in sticky notes and taped index cards that were covered in account usernames and passwords.” reported ArsTechnica.

The passwords visible in the video interview are related to Twitter, Instagram and YouTube accounts. The YouTube password was very easy to read, it was “lemotdepassedeyoutube” (Its translation is “the password of YouTube”).

In a different video it is visible a Post-it attached in front a monitor that reports the password “azerty12345” used on the main server hosting the website and other data of the TV5monde broadcaster.

TV5monde managers are talking about a prepared, powerful and coordinated attack, but honestly, this type of password doesn’t require any specific expertise to crack it, being easily crackable also by an amateur.

There is a moral lesson to take from this story, and the message is that even if you heavily invest in security measures to protect your assets, you continue vulnerable to human error, with social engineering.

Humans are the weakest link in the security chain.

About the Author Elsio Pinto

Elsio Pinto is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Pierluigi Paganini

(Security Affairs – Tv5Monde, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Next Did the attackers hack TV5Monde with the Kjw0rm Remote Access Trojan? »

Previous « Compliance: An Often Overlooked, Powerful Method of Threat Prevention

Published by

Pierluigi Paganini

Tags: ANSSICyber Caliphatecyber terrorismISIS. hackingsocial mediaTV5Monde

11 years ago

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

17 minutes ago

Security

Security Affairs newsletter Round 563 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best…

49 minutes ago

Data Breach

Fintech firm Figure disclosed data breach after employee phishing attack

Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an…

21 hours ago

Breaking News

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and…

22 hours ago

Hacking

Suspected Russian hackers deploy CANFAIL malware against Ukraine

A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL…

1 day ago

Artificial Intelligence

New threat actor UAT-9921 deploys VoidLink against enterprise sectors

A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial…

2 days ago

This website uses cookies.