Cybersecurity fail: US ISP tells customers to change Wi-Fi passwords to support Super Bowl teams

A cable internet provider in the US has been mocked for encouraging its customers to change their Wi-Fi passwords to support the football teams going to battle in the first game of the Super Bowl on Sunday 5 February.

In a sweet but rather misguided gesture to rile up excitement for the upcoming Super Bowl, Charter Spectrum, the second largest cable TV and internet service provider (ISP) in the US, tweeted on Monday 23 January: "Change your WiFi password and show guests where your loyalty lies! #ThatsMyTeam".

The idea was for all customers to show their team pride by changing their Wi-Fi passwords to say either "GO_NEWENGLAND" or "GO_ATLANTA" in support of the New England Patriots and the Atlanta Falcons. The problem with this is that it's a really bad idea.

It's pretty much telling customers to make their Wi-Fi networks insecure and easy to hack into, as well as letting hackers know that password to use to gain access to someone's Wi-Fi.

Perhaps the cable provider actually meant that it wanted users to change their router SSID – the name that shows up when you look up available Wi-Fi networks near to your device – which would make more sense as the name is broadcast publicly, and this poses no cybersecurity risk.

Having a shorter, easy-to-guess password means that hackers can gain access to your network to steal your internet bandwidth, snoop on your web browsing activity and hijack your internet in order to conduct man-in-the-middle attacks to secretly alter the regular communications you are making over your Wi-Fi network with websites for nefarious purposes.

Despite being tweeted at by cybersecurity experts, regular users and IT professionals about the dangers of their Super Bowl social campaign, including Slack's chief security officer Geoff Belknap, Charter Spectrum hasn't responded, but the tweet has now been deleted. The firm has also not responded to any media requests for comment.