Mark Zuckerberg’s Twitter and Pinterest accounts were hacked over the weekend.
The breach apparently happened after the Facebook boss’s login details were exposed via the recent LinkedIn password dump.
This implies Zuckerberg reused passwords across multiple sites or perhaps that the format of the password he chose for other sites was guessable after breaking his LinkedIn login credentials.
Zuckerberg’s Facebook account was not affected. A previously unknown prankster hacking group called Ourmine boasted about the alleged hacks, The hackers claimed that they found his password – dadada – in the LinkedIn dump. The affected accounts were rapidly re-secured, hopefully with a stronger password, and cleaned up. In a statement, Facebook said: "No Facebook systems or accounts were accessed. The affected accounts have been re-secured."
Richard Parris, chief exec at digital identity firm Intercede, commented: “Reports that Facebook founder Mark Zuckerberg’s social media accounts have been hacked should concern us all. If Mr Social Media’s accounts can be compromised, with all of the knowledge and resources he and his team have available, we should all be taking notice. In fact, we should all be very angry – the vast majority of the recently reported account compromises appear to relate to leaked usernames and passwords.”
“It’s been demonstrated time after time that the simple username and password combination is a fundamentally flawed approach to internet security, but that is typically all we are offered to protect our identity and our data,” he added.
Stephen Cox, chief security architect at SecureAuth, argued that the breach highlighted security shortcomings even with stronger two-step verification, where users need to use a code submitted to a pre-registered mobile phone as well as passwords in order to log into online accounts.
“The news that Mark Zuckerberg’s Twitter and Pinterest accounts have been breached following the LinkedIn attack goes to show the serious extent to which password re-use, and simple forms of authentication, can have huge knock on effects to online security,” Cox said.
“It also serves as a reminder that two-step verification, which LinkedIn supports for all of its users, is not enough in this age of rapidly advancing attacker capability. We must innovate in our approach to authentication, taking us far beyond traditional username and password and even vanilla two-factor approaches”. ®