Zuckerberg uses simple passwords too

By Lauren Kate Rawlins, ITWeb digital and innovation contributor.
Johannesburg, 07 Jun 2016
Facebook CEO Mark Zuckerberg was hacked after he used the same password across accounts and did not change it for years.

The first victim to come to light from the series of recent data breaches is Facebook CEO Mark Zuckerberg.

His Twitter and Pinterest accounts were hacked over the weekend. The hackers allege his credentials were found in the LinkedIn breach that grabbed headlines two weeks ago.

The hackers were able to take the same login and password used on Zuckerberg's LinkedIn page and apply them to his other accounts. His password was 'dadada'.

Reuters reported Zuckerberg's Twitter account, @finkd, last used four years ago, posted a tweet: "Hey, @finkd You were in LinkedIn Database with the password 'dadada' ! DM [direct message] for proof."

Zuckerberg's Pinterest page, meanwhile, was defaced with the headline "Hacked By OurMine Team", according to Reuters. The posts have since been removed.

A Facebook spokesperson said the affected accounts have been re-secured and no Facebook systems or accounts were accessed.

Around 117 million LinkedIn account credentials were exposed from a hack in 2012. This follows a series of major breaches in the last few months.

The exposure of over 360 million credentials from the once-popular social network MySpace was reported last week. Similarly, data from a 2013 breach of Tumblr recently surfaced, exposing over 50 million accounts.

The information is not from new hacks, but rather data that was gathered in hacks a few years back and is only now being sold on the dark Web.

Da da da

Social media users have been musing on what Zuckerberg's password could mean. Some have said it is a reference to a popular song from the early eighties with the same name. Others think it may have just been an easy password to type with one hand without looking at the keyboard.

Whatever the reason, it highlights how people rely on easy-to-remember passwords.

ICT commentator Adrian Schofield says: "It certainly makes no difference who you are. If you ignore some fairly simple rules [such as multi-step verification], you leave your data open to anyone."

He says the risk is fairly low for most people (Twitter and Pinterest are unlikely to link to financial data), unless sensitive personal data is posted on social media.

However, he notes, "it's not just about hacking, it's about the real risk of identity theft that leads to actual theft of money and other assets".

"As embarrassing as it is for the 'rich and famous' to be hacked, there are many more of us who were placed at risk by the LinkedIn leak. Have we all changed our LinkedIn password? You can guarantee that someone out there will see what they can find through your LinkedIn account, if yours was in the leaked group."

Weakest link

Schofield says we need to move to a better system of verifying the user's identity, as it is human nature to take the quick and easy route with passwords.

"Often, we set one at the outset, meaning to update it regularly, but then forget about it. We are tempted to use a common password, which may be reasonably strong but, once hacked, opens the door to all our applications.

"Or we use a master password application, which carries the same risk."

Schofield says some characteristics that cannot easily be copied need to be used to verify identity.

"Maybe DNA is the way to go, if the innovators can create a miniaturised means of testing it."
