Commercial research service announces all client passwords changed to "SPRING"
Incident Date: August 1991
Incident Location: New Zealand
The National Library of New Zealand operates an online database service known as Kiwinet. One product, named BRS-Search, can be used to search databases concerning legal, political, and regulatory matters. The service is used by several hundred users and is accessed via dial-up modems. Customers are assigned their own accounts and charged an average of $200 an hour for database access.
A monthly Kiwinet newsletter sent to all customers advised users that their previous password would not work after September 2, 1991. All account passwords would be changed to the default password of “SPRING”. The newsletter also advised customers to change this password as soon as they logged on in order to prevent unauthorized use of, and unwanted charges to, the customer’s account.
Not surprisingly, some customers objected to having their password reset to a value known by all other customers.
Title: Senseless Actions Invite Trouble
Author: Charlie Lear
Publication: RISKS Digest
Volume 12, Issue 21
Do you have additional information to contribute regarding this story? If so, please email firstname.lastname@example.org with the details and source.