
CNBC May Have Your Password and Shared It

April 8, 2016 | May 26th, 2021 | Blog, Cybersecurity

Recently, CNBC ran an article on password security. Embedded in the article was a tool that readers were invited to use to test the strength and integrity of their passwords. The tool was supposed to estimate how long it would take a hacker to “crack” your password, and it came with assurances that passwords would not be stored and would not be sent to third parties. Sadly, neither of those things proved to be true.

Security experts who visited the site, read the article and analyzed the tool found a trio of disturbing problems with it. First and most obviously, the site was not served with SSL/TLS encryption. It is this encryption that keeps would-be hackers from intercepting data as it is being sent from your computer to the host computer, which is why it is used by banks, eCommerce sites, and the like. Its absence on this page meant that anyone could intercept the data you submitted.

Second, despite claims to the contrary, when you entered your password and clicked the submission button, the site ran a script whose name included “script.google.com.” Once the script had run, the message it returned was “success”, “row: XXXX,” where XXXX was a number. The number incremented by one with each new password entered, a clear indication that the script was actually storing the passwords by adding a line to a spreadsheet or a record to a database.

Third, security consultants found evidence that the passwords entered via the tool were actually forwarded on to Google’s DoubleClick ad service and Scorecard Research.
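
A way to check claims like these for any web form, as an added example that is not from the original article or from the analysis it describes: type a throwaway canary string into the form while recording traffic in the browser, then scan the capture for that string. The canary, the hosts and the simplified entry format below are constructed placeholders.

```javascript
// Added example: scan a browser network capture for a canary typed into a form.
const CANARY = "canary/Tr0ub4dor&7731"; // constructed test value, never a real password
const PAGE_HOST = "news.example";       // placeholder host of the page under test

// Constructed HAR-style entries; hosts and parameters are placeholders.
const SAMPLE = [
  { url: "http://news.example/password-tool.html", body: "" },
  { url: "http://sheets.example/exec?pw=" + encodeURIComponent(CANARY), body: "" },
  { url: "https://ads.example/collect",
    body: "ref=" + encodeURIComponent("http://news.example/?pw=" + encodeURIComponent(CANARY)) },
  { url: "https://metrics.example/b", body: "d=" + Buffer.from(CANARY).toString("base64") },
  { url: "https://cdn.example/app.js", body: "" },
];

// Peel up to `max` layers of percent-encoding so nested referrer URLs are searched too.
function decodeLayers(text, max = 3) {
  const layers = [text];
  for (let i = 0; i < max; i++) {
    let next;
    try { next = decodeURIComponent(layers[layers.length - 1]); } catch { break; }
    if (next === layers[layers.length - 1]) break;
    layers.push(next);
  }
  return layers;
}

// True when the canary appears raw, percent-encoded (any depth up to max) or as base64.
function carriesCanary(entry, canary) {
  const b64 = Buffer.from(canary).toString("base64");
  return decodeLayers(entry.url + "\n" + entry.body)
    .some((t) => t.includes(canary) || t.includes(b64));
}

// One finding per request that carried the canary off the machine.
function auditCapture(entries, canary, pageHost) {
  return entries.filter((e) => carriesCanary(e, canary)).map((e) => {
    const u = new URL(e.url);
    return { host: u.hostname, cleartext: u.protocol === "http:", thirdParty: u.hostname !== pageHost };
  });
}

console.log(auditCapture(SAMPLE, CANARY, PAGE_HOST));
```

An empty result only shows that the canary was not found in these encodings; a value that is hashed or encrypted before sending will not match.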

CNBC has since removed the article, but so far has offered no official explanation regarding the findings of the security professionals who evaluated the page and the tool it contained.

The lesson here is simple: don’t enter your passwords anywhere except the applications you’ve established them for. Entering them elsewhere, even into tools offered by respected companies, could put your passwords at risk. It’s simply a risk you do not need to take.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. In the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds Microsoft MCSE, VMware VCP, and Cisco CCNA certifications. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.