A TV5Monde staffer accidentally revealed a password used to access the social media account of the broadcaster in an interview.
Following the successful attack against the network of the TV French Channel TV5Monde, law enforcement and French Intelligence started to investigate the attach chain.
Investigators speculate that one of the possible way hackers obtained credentials for systems at TV French Channel TV5Monde is the view of an interview that accidentally revealed the precious information.
While a TV5Monde reporter was filming David Delos in front of a staffer’s desk, it was visible in the background a paper reporting a list of usernames and passwords.
“In an interview with French news program 13 Heures, TV5Monde reporter David Delos unwittingly revealed at least one password for the station’s social media presence. That’s because he was filmed in front of a staffer’s desk—which was smothered in sticky notes and taped index cards that were covered in account usernames and passwords.” reported ArsTechnica.
The passwords visible in the video interview are related to Twitter, Instagram and YouTube accounts. The YouTube password was very easy to read, it was “lemotdepassedeyoutube” (Its translation is “the password of YouTube”).
In a different video it is visible a Post-it attached in front a monitor that reports the password “azerty12345” used on the main server hosting the website and other data of the TV5monde broadcaster.
TV5monde managers are talking about a prepared, powerful and coordinated attack, but honestly, this type of password doesn’t require any specific expertise to crack it, being easily crackable also by an amateur.
There is a moral lesson to take from this story, and the message is that even if you heavily invest in security measures to protect your assets, you continue vulnerable to human error, with social engineering.
Humans are the weakest link in the security chain.
About the Author Elsio Pinto
(Security Affairs – Tv5Monde, hacking)