Has Star TV created a Cyber Risk for our cricketers?

Yesterday (29th October 2016), there was an ODI cricket match between India and New Zealand in which we saw the Indian cricketers sporting new T-shirts carrying the names of their mothers on the back. So Dhoni wore a jersey which read “Devaki” and Kohli wore a jersey showing “Saroj”. Other players also wore jerseys showing the names of their respective mothers, except one on which there was a “printing error”, as we understand.

Women's rights activists might have hailed the initiative of Star TV as a newfound empowerment of women and importance given to mothers. Apparently it was so. But for those who are aware of “Cyber Risks”, the first thing that struck was that what we were seeing was the “mother’s maiden name”, which is a typical parameter used for recovery of forgotten passwords on many websites. The dates of birth of all these cricketers are already known, and that forms another critical parameter for recovery of forgotten passwords.

With two of the forgotten-password recovery keys now available to millions of viewers, the social media accounts, and maybe some e-mail and bank accounts, of our favourite cricketers might have been placed at risk of compromise.

So far, security architects thought that there was some confidentiality in the “Mother’s Maiden Name” and used it as a security parameter. This has been destroyed by the Star TV campaign, perhaps without their realizing the damage they have done to the system.

Now all companies that are using the “Mother’s Maiden Name” as a security parameter should drop it and use something else, such as “What is your Pet’s Name?”, “Who is your Favourite Actor?” etc. This is therefore a Y2K moment for all such companies, which will have to spend money to erase the “Mother’s Maiden Name” from the list of security questions.

I am not sure how much cost there is to the community in such a massive exercise... all caused by some hare-brained marketing person and/or the advertising agency who/which thought of this campaign.

If there is any specific incident following this where a financial loss occurs to any of these cricketers, they should hold Star TV responsible for the loss and claim damages. At the same time, “Due Diligence” and “Reasonable” security practices would require recognition of this cyber risk by the security community and a change of processes wherever it is required to eliminate this “Known Risk”.

Naavi

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law education institution. He has now been focusing on projects such as Secure Digital India and Cyber Insurance.