Facebook Chief Online Accounts Hacked

John Lister's picture

Two online accounts belonging to Facebook chief Mark Zuckerberg have been hacked. The incident, thought to have resulted from a LinkedIn data breach, is a high profile example of the dangers of poor password choices.

The hackers, calling themselves OurMine Team, took control of Zuckerberg's Twitter account and posted a message informing him of the breach. They also claimed to have accessed his Pinterest account (which appears to be correct) and his Instagram account, which doesn't appear to be the case.

Perhaps the one point of relief for Zuckerberg is that his Facebook account was not affected by the incident. The Twitter and Pinterest accounts are now back under his control.

Password Was 'Dadada'

The hackers claimed that they were able to get into the accounts after discovering Zuckerberg's details among a recently released stolen database of login details from LinkedIn. The claim is that he used the same password for LinkedIn, Twitter and Pinterest, making the unauthorized account access a complete breeze. (Source: engadget.com)

If the hackers are to be believed, Zuckerberg's password was the remarkably simple "dadada," which has prompted some debate about why he chose the term. Given the LinkedIn hack took place in 2012, it is clear that the password has nothing to do with his recently born daughter. (Source: vanityfair.com)

Assuming the claims are correct, Zuckerberg not only reused the same password on multiple sites, but chose the weakest possible password for each site: six letters with no numbers or symbols.
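As an added illustration (not part of the original article), here is how a site could screen a password when it is set, rejecting one that already appears in a breach dump or that draws on too small a search space. The leaked list is constructed sample data, and the 60-bit threshold and function names are assumptions made for this example.

```python
import hashlib
import math

# Constructed sample standing in for a leaked credential dump.
CONSTRUCTED_LEAK = ["dadada", "123456", "linkedin", "password1"]

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_index(leaked):
    """Index leaked hashes by 5-character prefix, so a lookup only
    needs to disclose the prefix, never the full hash or password."""
    index = {}
    for pw in leaked:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index

def is_breached(password, index):
    digest = sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())

def search_space_bits(password):
    """Upper bound on brute-force effort, from length and the
    character classes actually used."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # printable ASCII symbols, including space
    return len(password) * math.log2(pool) if pool else 0.0

def screen_password(password, index, min_bits=60.0):
    """Return the reasons to reject; an empty list means accept.
    min_bits is an assumed policy threshold for this example."""
    reasons = []
    if is_breached(password, index):
        reasons.append("appears in a known breach")
    if search_space_bits(password) < min_bits:
        reasons.append("search space too small")
    return reasons

if __name__ == "__main__":
    idx = build_range_index(CONSTRUCTED_LEAK)
    for candidate in ["dadada", "violet-kettle-orbit-42"]:
        print(candidate, screen_password(candidate, idx))
```

Six lowercase letters give about 28 bits of search space, and the breach check fails the password regardless of length once it has leaked from any one site.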

Accounts May Have Been Abandoned

It also looks highly likely that Zuckerberg had not added two-factor authentication to the accounts, an option offered by LinkedIn and Twitter. Had he done so, any attempt to access his account from a "new" computer would have triggered a security code sent to his phone, with access blocked until the code was typed in.

The Pinterest account in question had barely been used, while the last post Zuckerberg made on the Twitter account before the hack was in 2012. That suggests he had effectively abandoned the accounts but left them active, which is likely why he hadn't changed the passwords for years.

What's Your Opinion?

Are you surprised at such a high profile online figure using weak security practices? Have you abandoned using any major websites and if so have you closed the account or gone back and changed the password since?


Comments

Dennis Faas's picture

In this day and age of social networks, single sign-ons and security breaches, it is very surprising to learn that Zuckerberg used the same weak password for those accounts. If that's the case - either he simply didn't care, or he is incredibly simple-minded when it comes to security. My guess is with the former.