3 Important Security Lessons to Learn from Zuckerberg Getting Hacked

Article by George Norman (Cybersecurity Editor)

on 08 Jun 2016

Facebook CEO Mark Zuckerberg had his Twitter and his Pinterest accounts hacked. Here’s how and why it happened, and the 3 important security lessons we must learn from it.

Before I go on, I have to remind you about another celebrity, namely Katy Perry. Her Twitter account, which is the most popular on the entire network, was recently hacked. Following the incident, security company Avira shared 3 tips on how to avoid something like that happening to you.

How did Zuckerberg get hacked?

The brief answer is that he used the same password for multiple accounts. And if that wasn’t bad enough, he chose a weak password, namely "dadada".



The longer story goes something like this. Back in 2012, LinkedIn was hacked and some of its members' passwords were compromised. LinkedIn responded with a mandatory password reset for all accounts it believed were compromised. On top of that, LinkedIn advised all its members to change their passwords.

Skip ahead to May 2016, when LinkedIn learned that a new database had been released, containing additional names and passwords from the original 2012 data breach. It turns out that Mark Zuckerberg's password – "dadada" – was included in this new database. Someone spotted Zuckerberg’s password and tried it on his Twitter and Instagram accounts. Surprisingly, it worked.

Zuckerberg’s Twitter and Pinterest accounts were hacked because he recycled the same password. At least he didn’t use the same password for his Facebook account.


The 3 security lessons we must learn from this


1. Pick a strong password for your online accounts

People are drawn to simple passwords that contain character strings or repeated characters, such as 123456, qwertyui, or in this case dadada. Such passwords will be brute-forced in mere seconds. So stay away from them!

Simplicity makes passwords weak. Complexity makes them strong. So don’t use dictionary words, don’t use character strings, don’t use repeated characters, and don’t use easily guessable things like your dog’s name or your birthday.



Pick a password that contains at least eight characters. It must include lowercase letters, uppercase letters, numbers, and special characters.
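The rules in this lesson can be turned into a checker. The following script is an added example written for this article, not code from the author; it flags exactly the weaknesses described above (repeated patterns like "dadada", keyboard or number sequences like "qwertyui" and "123456", dictionary words, fewer than eight characters, missing character classes). The word list and the sample passwords are constructed for illustration; a real checker would load a full dictionary and a list of previously breached passwords.

```python
import re

# Constructed mini dictionary; a real checker loads a proper word list.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "monkey", "football"}

# Rows that produce "character strings": keyboard rows, digits, the alphabet.
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "0123456789",
             "abcdefghijklmnopqrstuvwxyz"]


def has_repeated_pattern(pw: str) -> bool:
    """True when the whole password is one short unit repeated ("dadada" = "da" x 3)."""
    return re.fullmatch(r"(.+?)\1+", pw) is not None


def has_character_string(pw: str, min_len: int = 4) -> bool:
    """True when the password contains a run of min_len characters taken in order
    (or reversed) from a keyboard row, the digits, or the alphabet."""
    low = pw.lower()
    for row in SEQUENCES:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in low:
                    return True
    return False


def is_dictionary_word(pw: str) -> bool:
    """Strip digits/symbols so "Password1!" is still recognised as "password"."""
    stripped = re.sub(r"[^a-z]", "", pw.lower())
    return stripped in COMMON_WORDS


def password_problems(pw: str) -> list[str]:
    """Return every rule from the article that the password breaks (empty list = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    if has_repeated_pattern(pw):
        problems.append("repeated character pattern")
    if has_character_string(pw):
        problems.append("keyboard, number or alphabet sequence")
    if is_dictionary_word(pw):
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, including the ones named in the article.
    for candidate in ["dadada", "123456", "qwertyui", "Password1!", "C0rrect-H0rse!Battery"]:
        verdict = password_problems(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else ', '.join(verdict)}")
```

The composition rules and the eight-character floor are the article's; the checker treats them as a minimum and adds the pattern tests the text only describes in words, which is why "Password1!" satisfies every class requirement and is still rejected.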


2. Never recycle passwords

What happened to Zuckerberg perfectly explains why you shouldn’t recycle passwords. Using the same password over and over again is like having lots of locked doors that open with the same key. If someone manages to steal your LinkedIn password, that someone will be able to hack into your Twitter, your Pinterest, and all your other accounts.



If you are going to recycle passwords – but you really shouldn’t! – then at least enable two-factor authentication. Even if someone steals your password, two-factor authentication won’t let the hacker access your account.
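To show concretely why a second factor stops a reused password from opening every door, here is an added example (not code from the article) of a login check that requires both a password and a time-based one-time code. It implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library; the account records, the reused password "dadada" and the shared secret are constructed for the demonstration, and the secret is the RFC test-vector key so the codes can be checked against the published values.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional

PBKDF2_ROUNDS = 200_000  # assumed work factor for the constructed password store


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the clock."""
    return hotp(secret, int(unix_time) // step, digits)


def make_account(password: str, otp_secret: Optional[bytes]) -> dict:
    """Constructed account record: salted PBKDF2 hash plus an optional 2FA secret."""
    salt = secrets.token_bytes(16)
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "otp_secret": otp_secret,
    }


def password_matches(account: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), account["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, account["pw_hash"])


def verify_login(account: dict, password: str, otp_code: Optional[str],
                 unix_time: int, window: int = 1) -> tuple[bool, str]:
    """Accept only when the password is right AND, if 2FA is enrolled, the code matches
    the current 30-second step (or one step either side to absorb clock drift)."""
    if not password_matches(account, password):
        return False, "bad password"
    if account["otp_secret"] is None:
        return True, "password only (no 2FA enrolled)"
    if otp_code is None:
        return False, "second factor required"
    counter = int(unix_time) // 30
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue
        expected = hotp(account["otp_secret"], counter + drift)
        if hmac.compare_digest(expected, otp_code):
            return True, "password and second factor accepted"
    return False, "second factor rejected"


if __name__ == "__main__":
    # Constructed scenario: one password reused on two services, 2FA on only one of them.
    leaked_password = "dadada"
    rfc_secret = b"12345678901234567890"  # RFC 4226/6238 test-vector key
    now = 59  # RFC 6238 test time; the expected 6-digit code is 287082
    accounts = {
        "pinterest": make_account(leaked_password, None),
        "twitter": make_account(leaked_password, rfc_secret),
    }
    # The attacker has the leaked password but not the device that holds the secret.
    for name, acct in accounts.items():
        print(name, "with leaked password only:", verify_login(acct, leaked_password, None, now))
    # The real owner supplies the code from their authenticator.
    print("twitter with password + code:", verify_login(accounts["twitter"], leaked_password,
                                                         totp(rfc_secret, now), now))
```

The account without a second factor falls to the leaked password immediately; the one with 2FA enrolled rejects the same credentials until the current code is supplied, which is the property the lesson relies on.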


3. Stay in the know

I stay up to date on the latest security news because it’s part of my job. You too should stay up to date on the latest security news, just as a precaution.

“Data breaches may reveal sensitive information beyond simple passwords, so keep watch on what’s happening in the world of cybercrime,” says Gary Davis, Chief Consumer Security Evangelist with Intel Security. “The earlier you learn of an attack, the quicker you can act to take needed security measures.”



If you don’t want to follow the latest security news, there are several websites that can tell you if there’s something to worry about:
  • Have I been pwned? – check if you have an account that has been compromised in a data breach.
  • BreachAlarm – monitors the Internet for your passwords being compromised and posted online.
  • Hacked Emails – anonymously check if your email has ever been compromised in a security breach.


