Companies can learn from hacking of Palin's e-mail

ByABC News
September 18, 2008, 11:54 PM

SEATTLE -- A precocious hacker cracks into Republican vice presidential candidate Sarah Palin's private e-mail account, looking for dirt. In doing so, he opens a Pandora's box of tech security concerns for the presidential candidates but perhaps even more so for Corporate America.

That's the upshot of a fast-developing story playing out on tech websites Valleywag, Gawker, NetworkWorld and others. On Thursday, Kim Zetter, a veteran investigative reporter at Wired News, broke a story describing how a hacker, going by the nickname Rubico, easily changed Palin's Yahoo account password, rifled through her e-mail and posted the password on a popular tech discussion website, 4chan.org.

Other 4chan participants subsequently boasted about accessing Palin's Yahoo account, posting family photos and samples of personal messages widely across the Internet.

A statement from John McCain's campaign condemned the hack as an "invasion of the governor's privacy and a violation of law."

"It's a cautionary tale for all of us," says Owen Thomas, Valleywag's managing editor. "Passwords are easy to guess, and we don't use the extra protection sites like Yahoo offer us."

The digital break-in underscores the risk corporations and government agencies take on when they give tacit approval to extensive workplace use of free, Web-based, applications such as e-mail, instant messaging and toolbars. A recent survey of 60 companies by Palo Alto found them all using a wide variety of different Web mail applications. The most popular: Hotmail, Yahoo Mail, Gmail and AOL Mail.

According to postings by Rubico on 4chan, it took just 45 minutes to reset Palin's password using the Alaska governor's birth date, ZIP code and information about where she met her spouse. The main tool for obtaining Palin's background details: Google searches.

Yahoo declined comment on security features for its free e-mail service.

"We don't comment on the specifics of our security policies so that we don't give a roadmap to hackers and bad actors," says spokeswoman Kelley Benander.