CNBC shared your Password with Advertisers

CNBC website silently shared your passwords to third parties, according to reports. CNBC’s blog The Big Crunch, recently published an article “Apple and the construction of secure passwords,” offering tips on how to create a secure password.

cnbc passwords

CNBC shared your Password

The article included a password checking tool to test the password strength. Thankfully, security expert Adrienne Porter Felt from the Google Chrome security team noticed that all passwords types in the form were unintentionally saved in a Google spreadsheet and were exposed to the third party marketers. Supposedly, the passwords were also stored in HTTP log files on the destination server.

Sophos reports,

“CNBC made things worse by sending unencrypted passwords to their server as a parameter in the page’s URL, which meant that anything else that the URL was shared with, such as 3rd party advertisers and web analytics providers, got a copy of the password being tested too”.

However, CNBC withdrew the article as soon as the issue was reported but it is still available in the cached form. Security firm Sophos stated that CNBC password tool saved the details on a non-secure, old and unencrypted HTTP connection making the hack-prone. Furthermore, your passwords were also added to the end of the reloaded URL of CNBC’s webpage.

Generally, the trusted password strength meters use the client-side code to test your password which runs in your browser and limits to your device. zxcvbn used by Dropbox and WordPress is one such password testing tool. As per the security norms, personal details like passwords should be sent over the secured and encrypted HTTP connection, but CNBC used server-side code thereby sending the passwords over the internet to a server leaving them open for marketers and hackers.

While CNBC tried to offer some genuine tips to get a strong password, but things went bad somehow.

Posted by with Tags
Shiwangi Peswani is a qualified writer and a blogger, who loves to dabble with and write about computers and the Internet. While focusing on and writing on technology topics, her varied skills and experience enables her to write on any topics which may interest her.


  1. Sending back

    You don’t mention that their website code was created by a company based in India. Hmm…

  2. Gurumurthy

    … Hmm. so you saw only the skin color?

  3. Sending Back

    No, just total stupidity from a specific set of people.

  4. Gurumurthy

    I think there is name for this attitude. Its called racialism.
    Go back to munching your chips, you retard!

Leave a Reply

Your email address will not be published. Required fields are marked *

8 + 9 =