CNBC Pulls Story over Tool That Stored Readers’ Passwords


CNBC was forced to pull a story about password safety on Tuesday, after a password security strength tool on the piece accidentally exposed user’s passwords to advertisers.

The tool included in the story let readers enter their password in order to find out how strong and secure it was. “Try out the interactive tool below. Put in a potential password and see an estimate of how long it would take a computer to crack it,” stated the article just above the embedded tool. “Remember, adding capital letters, numbers and symbols can help strengthen a password.”

Readers were then assured that the “tool is for entertainment and educational purposes only. No passwords are being stored.”

However, the security of the tool was quickly disputed, with technology-literate users pointing out the flaws on social media.

Despite assurances that the entered information was not being stored, it was discovered that the passwords were reportedly being sent to 3rd party advertisers and being stored in a Google Documents spreadsheet.

Kane York, a contributor to the Lets Encrypt project, told PCWorld that he has written macros for Google Docs before and immediately recognised the references and script within the code which indicated it was submitting each password into a new spreadsheet row.

“That ‘row’ increased by one each time I clicked the button,” said York. “I was pretty sure that they were inserting the rows into a spreadsheet.” Although the spreadsheet was “private,” it is currently unknown as to who now has access to it.

The article, written by Nicholas Wells, a data journalist for CNBC, has since been removed but can be accessed via an archive save of the page. CNBC has not yet publicly commented on the situation.

Charlie Nash is a frequent contributor to Breitbart Tech and former editor of the Squid Magazine. You can follow him on Twitter @MrNashington.


Please let us know if you're having issues with commenting.