Mark Zuckerberg’s social media accounts hijacked

06 Jun 2016 4 Celebrities, Data loss, Facebook, Hacked, Law & order, Security threats

by Lisa Vaas

Mark Zuckerberg – Mr. Social Media himself – has been the victim of account hijacking.

A hacking group took over the Facebook CEO’s Twitter and Pinterest accounts over the weekend, claiming to have found his (apparently reused!) password by sifting through last month’s password dump of stolen LinkedIn accounts.

That password: “dadada.”

Somebody or somebodies using the name OurMine boasted about the alleged account takeovers, claiming to have found the “dadada” password in the LinkedIn dataset.

That’s bad enough. But they also claimed to have taken over his Instagram account.

An Instagram account hijacking would have been very embarrassing indeed, given that Facebook owns the photo-sharing app.

But on Sunday night, a company spokesman told Sky News and other news outlets that only Zuckerberg’s Pinterest and Twitter accounts had in fact been taken over:

No Facebook systems or accounts were accessed. The affected accounts have been re-secured.

OurMine’s Twitter account has since been disabled. Twitter jumped on the problem quickly, deleting the offending message and getting Zuckerberg back his account.

Media outlets including Venture Beat captured the messages posted before the accounts got wrestled back.

On both Pinterest and Twitter, the messages claimed pwnage of the accounts – “Hacked By OurMine Team” – said that they were “just testing your security,” and invited Zuckerberg to “please dm us for contact!”

Here’s a tweet that captured the Twitter version of OurMine’s message:

Ouch. Mark Zuckerberg’s social media accounts have been hacked pic.twitter.com/KvVmXOIg5s

— Ben Hall (@Ben_Hall) June 5, 2016

OurMine’s claim to have gotten into Zuckerberg’s accounts by using a password found in LinkedIn’s data dump points to one of two possibilities: either he reused passwords across multiple sites, or whatever LinkedIn password he was using suggested a format to use in guessing at what tweaked versions he might have used elsewhere.

This is exactly the kind of situation that gives rise to security experts’ advice to use one unique password for every site. When we reuse passwords, we’re handing the crooks a skeleton key that unlocks all our accounts.

They can get into our social media accounts to embarrass us, get access to our contacts, commit identity theft, and drain our banking accounts.

It’s really a bad idea to use a password twice, and here’s why.

If you haven’t yet changed your LinkedIn password following the publishing of logins, there’s no time like the present!

Here’s hoping that Mr. Zuckerberg’s accounts – and yours! – are all now secured with stronger, and unique, passwords.

Image of Mark Zuckerberg courtesy of Frederic Legrand – COMEO / Shutterstock.com

4 comments on “Mark Zuckerberg’s social media accounts hijacked”

  1. Tom says:
    June 6, 2016 at 6:39 pm

    Dumdidumdumb!

  2. Brian T. Nakamoto says:
    June 6, 2016 at 9:04 pm

    Twitter should require everyone with a verified account to use 2FA.

    • YesSeñorita - Dumb Post says:
      June 7, 2016 at 6:53 pm

      More money to spend? Naahhh. Got hijacked? It’s your fault. “dadada”

  3. YesSeñorita - Dumb Post says:
    June 7, 2016 at 6:50 pm

    Who cares? What lame/stupid hackers. What do they think they will find? Zuckers. Zuck gives a sh*t about his “social media” accounts. Got hijacked? No worry: “fix-it-right-now” phone call.

