Paris's password reset question proves to be a poor choice

Incident Date: February 19 2005
Incident Location: USA

Paris Hilton has found herself in the news for a variety of reasons. It was only a matter of time before she was serving as an example of poor security practices.

Ms. Hilton’s pet Chihuahua Tinkerbell had become a bit famous herself after appearing on TV show The Simple Life and other public venues with her owner. So, it shouldn’t surprise anyone to hear that Ms. Hilton adores the animal.

Unfortunately, making this knowledge public resulted in yet another invasion of Ms. Hilton’s privacy. As a customer of T-Mobile’s telephone service Ms. Hilton could access her account over the Internet. While logged into T-Mobile’s Web site she could read emails, view pictures taken with her Sidekick II phone, review telephone records, and make other changes to her service.

Like most online services T-Mobile tries to help customers who have forgotten their account password. By answering a predefined secret question the customer can reset their password and regain access to their account. Since the answer to this question is equivalent to a password it must be kept equally secret. As you’ve probably guessed, Ms. Hilton’s secret question was “What is your favorite pet’s name?”.

Hackers apparently took this backdoor approach to reset Ms. Hilton’s password and infiltrate her T-Mobile account. On the weekend of February 19, 2005 a group calling themselves the “Niggas at DFNCTSC” posted the contents of Ms. Hilton’s T-Mobile address book, notes, and photo folder on a Web site. The address book contained several hundred phone numbers and email addresses, some of which were linked to other celebrities.

T-Mobile took action to block unauthorized access to Ms. Hilton’s account after being notified of the breach. A spokesperson said they were “actively investigating” the incident.

Story Sources

Title: How Paris Got Hacked?
Author: Brian McWilliams
Date: 2/22/2005
Publication: O'Reilly Network
Publication Location: USA
Publication URL:

Do you have additional information to contribute regarding this story? If so, please email with the details and source.

<-- Back to Authentication Story Index

[Home] [About Us] [News] [Research]

Copyright © 2016