Mark Zuckerberg Hacked Because of Weak Passwords
It seems Mark Zuckerberg might be a little lazy, or a little stupid, or at the very least a little embarrassed. The undisputed king of social media has had two of his social media accounts hacked. Granted, it was not his Facebook account—just his Pinterest and Twitter accounts, the latter of which he hasn’t used since 2012. A Saudi Arabian hacker team named OurMine has taken credit for the attack, claiming they got his password from the recent dump of information obtained in the LinkedIn data breach from 2012.
Let’s see where Mr. Zuckerberg went wrong by using the safe password development tips (in bold below) from his very own creation: Facebook.
Make sure your password is unique, but memorable enough that you don’t forget it. Supposedly, Zuckerberg’s password was “dadada”.
Don’t use a password that you use on other sites – if one site gets hacked and your password is stolen, hackers will often try it on other sites. Clearly, he used it on at least three sites.
Don’t share your password with anyone. If you think someone else has it, you should change it. When LinkedIn was hacked four years ago, he evidently did not change it on the other sites.
Instead of picking on him further, let’s talk about how this applies to someone really important: you and me.
While Mr. Zuckerberg has had to eat a little humble pie, he likely won’t suffer any serious damage from this incident. Others, however, aren’t so lucky. More than 100 users of TeamViewer, a German software company whose software gives users remote access to computer desktops, have had accounts taken over since the LinkedIn data was made public. The criminals then used TeamViewer to authorize transactions through Amazon or PayPal. The company believes the activity is linked to the recent rash of data disclosures.
There is also the strong possibility that users of LinkedIn may be more likely to use those same passwords in their professional lives. That could expose users’ business data or allow hackers to take over accounts at job or travel sites.
I am constantly amazed by the corporations that I speak to that haven’t yet instilled strong password habits among their employees. They spend hugely on intrusion detection, but don’t take the time or minuscule investment required to solve what I call a gatekeeper flaw. Employees are the gatekeepers of your valuable data, and if they don’t protect it with strong passwords, no amount of security software will cover this inexcusable and easily solvable mistake.
How are you training your people on strong passwords?
John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.