Facebook founder Mark Zuckerberg has become the latest victim of hackers who managed to breach his social media accounts including Twitter and Pinterest.
Someone posted to Zuckerberg’s Twitter feed on 6th June, claiming to have found his password in account information leaked from LinkedIn. A group calling itself the OurMine Team took credit for breaking into Zuckerberg’s Twitter, Pinterest and Instagram accounts, but there’s no evidence that the Instagram account has been breached.
“You were in LinkedIn Database with password ‘dadada’,” read a message supposedly posted by hackers from Zuckerberg’s @finkd Twitter account.
It’s worth noting that Zuckerberg or his representatives rarely use this account, the last tweet dating from January 2012 and the previous one from March 2009.
Facebook representatives did not immediately respond to a request for comment.
It has been reported that social media accounts of other celebrities including founding Rolling Stones member Keith Richards, American comedy rock duo Tenacious D and late TV personality Ryan Dunn were also compromised.
If indeed the breaches were related to the recently leaked database of LinkedIn accounts that was stolen in 2012, they highlight why it’s important to use different passwords for different online accounts.
Websites can have different security levels for storing user passwords. As past breaches have shown, some websites store passwords in plain text, while some store hashes – cryptographic representations of those passwords.
In the case of LinkedIn, the company stored password hashes, but they were generated using an insecure function called SHA1, making most of them easily crackable.
Users are better off assuming that any website will be compromised at some point and that their password used on that website will be exposed. With that in mind, it’s best to limit the potential damage by using unique, complex passwords for each online account.
A password manager application can make dealing with multiple passwords easier and if a website offers two-factor authentication as an account security measure, it’s a good idea to use that too.