Mark Zuckerberg – Mr. Social Media himself – has been the victim of account hijacking.
A hacking group took over the Facebook CEO’s Twitter and Pinterest accounts over the weekend, claiming to have found his (apparently reused!) password by sifting through last month’s password dump of stolen LinkedIn accounts.
That password: “dadada.”
Somebody or somebodies using the name OurMine boasted about the alleged account takeovers, claiming to have found the “dadada” password in the LinkedIn dataset.
That’s bad enough. But they also claimed to have taken over his Instagram account.
An Instagram account hijacking would have been very embarrassing indeed, given that Facebook owns the photo-sharing app.
But on Sunday night, a company spokesman told Sky News and other news outlets that only Zuckerberg’s Pinterest and Twitter accounts had in fact been taken over:
“No Facebook systems or accounts were accessed. The affected accounts have been re-secured.”
OurMine’s Twitter account has since been disabled. Twitter jumped on the problem quickly, deleting the offending message and returning the account to Zuckerberg.
Media outlets including Venture Beat captured the messages posted before the accounts got wrested back.
On both Pinterest and Twitter, the messages claimed pwnage of the accounts – “Hacked By OurMine Team” – said that the group was “just testing your security,” and invited Zuckerberg to “please dm us for contact!”
Here’s a tweet that captured the Twitter version of OurMine’s message:
Ouch. Mark Zuckerberg’s social media accounts have been hacked pic.twitter.com/KvVmXOIg5s
— Ben Hall (@Ben_Hall) June 5, 2016
OurMine’s claim to have gotten into Zuckerberg’s accounts by using a password found in LinkedIn’s data dump points to two possibilities: either he reused passwords across multiple sites, or his LinkedIn password suggested a format for guessing the tweaked versions he might have used elsewhere.
This is exactly the kind of situation that gives rise to security experts’ advice to use one unique password for every site. When we reuse passwords, we’re handing the crooks a skeleton key that unlocks all our accounts.
They can get into our social media accounts to embarrass us, get access to our contacts, commit identity theft, and drain our bank accounts.
It’s really a bad idea to use a password twice, and here’s why.
If you haven’t yet changed your LinkedIn password following the publishing of logins, there’s no time like the present!
Here’s hoping that Mr. Zuckerberg’s accounts – and yours! – are all now secured with stronger, and unique, passwords.