Mark Zuckerberg Hacked on Twitter and Pinterest Because Even He Has Bad Password Security

By Angela Chen

First the hackers came for Katy Perry. Now they’ve come for someone who should know better than to use the same password on multiple sites: Mark Zuckerberg. Turns out he’s as dumb as the rest of us.

Zuck’s Twitter and Pinterest (though, crucially, not Facebook) accounts were hacked over the weekend, and, supposedly, it wasn’t even that hard. The OurMine Team that took credit posted on Twitter that they got in because his password was among those leaked in the LinkedIn data breach back in May — suggesting that even the Facebook co-founder isn’t disciplined enough to remember a unique password for every social media account. OurMine also claimed that his password was “dadada”, but that is, let’s hope, probably not true. (At least it wasn’t “123456”? Or “password”?)

Considering that Zuckerberg hasn’t even tweeted since 2012, Twitter and Pinterest accounts aren’t really that crucial. More importantly, OurMine claimed that it hacked his Facebook-controlled Instagram account, but there was no proof, and Facebook of course denied that any of its systems were breached. All accounts have been restored now, and the OurMine Team’s Twitter has been suspended.

If it makes him feel any better, Zuck isn’t alone, though his breach was probably the most embarrassing. Over the weekend alone, the Twitter accounts of Kylie Jenner, Keith Richards and Tenacious D — the last of which started a hoax that Jack Black was dead — were all hacked. There’s no evidence that it’s all connected, or that the celebrity passwords were also leaked from the LinkedIn database. That said, LinkedIn has a lot to answer for. Its most recent leak aside, the full dump from the site’s 2012 breach, a gold mine for hackers, recently dropped.

Bad password security is a problem that no one seems able to fix. Brain scans and audio of the sound of the skull have been suggested as a more secure alternative, but they’re a way off. Until then, there’s two-factor authentication on sites like Instagram, and Microsoft is using publicly available information to ban people from using the most common passwords. But using an uncommon password with 14 digits and three special characters won’t help if it’s the only string of characters you can ever remember.

Tech billionaires, they’re just like us. Lazy enough to use the same password for every site, no matter how many times we’re told it’s a disaster waiting to happen. [The Verge, New York Daily News]