- The Washington Times - Wednesday, March 30, 2016

CNBC pulled an article on digital security from its website on Tuesday after an interactive tool intended to teach readers about using strong passwords was shown to be inadvertently sharing credentials with more than two-dozen advertisers, analytic providers and other third-party services.

In an article titled “This tool tests your phone password security,” data journalist Nicholas Wells included a Web form where readers were asked to type in their credentials to find out how easily they can be cracked by hackers.

“With more and more personal information stored online and in the cloud, password security has gained far greater importance,” he wrote in Tuesday’s article.

By early afternoon, however, technologists and security gurus had realized that CNBC’s website doesn’t use HTTPS, a widely implemented Internet protocol that encrypts Web traffic and prevents hackers from eavesdropping as computers communicate back and forth with one another.

“What could go wrong?” Google software engineer Adrienne Porter Felt asked on Twitter.



Ashkan Soltani, the former senior advisor to the Obama administration’ chief technology officer, soon after tweeted that the interactive tool CNBC had used to demonstrate password security had in fact been sharing whatever data had been typed in the form with numerous third-parties — including at least 30 advertisers and analytic companies, according to Motherboard.

“This is a story of exactly what *NOT* to do when trying to educate users about password security,” Mr. Soltani tweeted.

Christopher Soghoian, a technologist with the American Civil Liberties Union, said on Twitter that CNBC’s inclusion of the supposed password tool was “really irresponsible behavior” on the new portal’s part and could be reason enough for the Federal Trade Commission to consider opening an investigation.

CNBC did not immediately respond to Motherboard’s request for comment.

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.

 

Click to Read More and View Comments

Click to Hide