New ‘North Korean Facebook’ Hacked Because the Password Was ‘Password’

By

Last week, security researchers reported on a new North Korean website designed to look exactly like Facebook (The real Facebook is, shockingly, currently banned in the country.) But it only took a few hours and one Google-savvy teenager with a computer to hack into it.

The problem? The “Best Korean Social Network,” (catchy name, no?) got about as creative as your aunt who still has an AOL account when choosing a user name and password for the administrator account on the site. In fact, whoever set up the site didn’t bother to change them at all, instead opting to user the pre-set username, “Admin,” and pre-set password, “password,” which made it possible for Scottish college student Andrew McKean to hack, or more accurately, log, into the site, Motherboard reports.

McKean said getting into the admin account was simple after he discovered that the North Korean site appeared to have been built using phpDolphin, a program which makes it easy for anyone to build an off-the-shelf Facebook clone (think preexisting framework where you just have to add pertinent information without having to, you know, actually code your own social network.) Once he found the phpDolphin pre-sets, getting in was “easy enough,” and McKean says he had access to user accounts, the ability to censor content, and could have even changed the site name.

Fortunately for North Korea, McKean’s only change to the site was a small, sponsored message reading “Uh, I didn’t create this site just found the login.” Still, the site appears to have been taken down anyway.

Moral of the story: For the love of Kim Jong-un, please stop using “password” as your password.