Hawaii officials are facing some backlash after a recent photo resurfaced online showing a password written on a Post-it style note.
The Associated Press photo was taken in July and has resurfaced on Twitter, Business Insider reported. It shows a Hawaii Emergency Management Agency officer posing in front of a few monitors.
But upon further inspection, similar sticky notes can be found on two of the monitors. One of those notes reads "Password: Warningpoint2." The other reminded users to "SIGN OUT."
The photo is now raising questions about the agency's cybersecurity practices following the false alert of an inbound missile sent out to Hawaii residents on Jan. 13. The agency initially denied that their system was hacked and said that an employee had simply erred on a drop-down menu
"It was a mistake made during a standard procedure at the changeover of a shift, and an employee pushed the wrong button," Gov. David Ige told Business Insider.
But agency spokesman Richard Rapoza has revealed that the password shown in the photo is in fact authentic, Hawaii News Now reported. He said it was being used for an "internal application," and that he believes it is no longer in use.
"It wasn't for any major piece of software," Rapoza told Hawaii News Now. He admitted that having the password on display in plain sight was not a good idea, especially in this case, as there were news cameras around.
Rapoza said the false alert and the photo revealing the password are not the only problems he's faced in the same week. He said the agency is also working to debunk an internet conspiracy that claims the missile alert was real and that Hawaii is trying to cover it up.
"It's absolutely ridiculous," Rapoza said. "People need to be careful what they read on the internet."
Rapoza said the agency will be looking to improve their interface in order to prevent a future false alarm. He added that their current interface is based on FEMA best practices, meaning that the agency's vendor had to put as much emphasis on the alarm being able to go out quickly.
Still, the photo became a point of ridicule by social media users.
"Massive amount of intel in one photograph. Failure on so many levels," wrote one Twitter user.
"Not surprised," wrote another. "[Governmental organizations] and public sector are generally pretty bad at things as such. Also users with no cyber security awareness training do tend to employee such practises."