When we were children, our role models seemed invincible. Could any five-year-old imagine a Superman who was less than perfect? Then, as we grow older, we realize that even the most admirable people are still human after all. It’s the same for today’s youngsters looking up to tech titans. Facebook founder and CEO Mark Zuckerberg was recently hacked, in a manner that shows anyone can make online security mistakes.
Let’s start with the facts. Over the weekend, many of Zuckerberg’s social media accounts were hijacked. A criminal group called OurMine Team took control of the Facebook CEO’s Twitter, Pinterest, and LinkedIn profiles. While his Instagram and Facebook accounts were unaffected, cybercriminals used the accounts hacked on other platforms to post rogue comments.
At a surface level, this incident isn’t so strange. It’s no surprise that someone as famous as Mark Zuckerberg is targeted by cybercriminals. It was only last week that singer Katy Perry’s Twitter account was compromised by malicious hackers. In fact, celebrities are actively looking for cybersecurity experts to add to their entourages, to bolster online security in today’s always-on, digital age.
There is, however, one detail that makes this particular incident stand out. The perpetrators claim that Zuckerberg’s own human error led to the breach. OurMine Team stated in a tweet, “Hey @finkd [Zuckerberg’s Twitter handle], you were in LinkedIn Database with the password ‘dadada’!”
What they are referencing is a 2012 LinkedIn data breach, the one with repercussions that recently resurfaced. Presumably, Zuckerberg’s credentials were exposed in that attack. According to the cybercriminals’ version of the story, by looking at the data, they discovered the password for his LinkedIn profile. They then simply tried the same password on his other social media accounts and got in. If this is true, Zuckerberg would have broken the most basic of security rules: avoid simple passwords, and don’t use the same password for different accounts.
We haven’t validated whether OurMine Team’s story is accurate, as the incident is still under investigation. It certainly is hard to imagine someone with such a deep understanding of digital technology making a simple security mistake. But the fact of the matter is, we’re all human. If leaders of the tech industry can be exposed by common mistakes, there’s an important lesson to be learned: no one is immune to an online hack, and absolutely everyone should be using cybersecurity best practices to protect themselves online.
Here are a few ways you can get started:
- Use complex passwords. While password1234 or dadada may be convenient and easy to remember, they’re not very high on the security scale. Cybercriminals will break into accounts by trying the most common, simplest combinations first. The first step to securing an account is using a complex password, made up of letters, numbers, and special characters. You can also learn more about layered password security here.
- Never use the same password for multiple accounts. After a data breach, criminals will try using compromised email and password combinations to get into other online services. Many claim this is exactly what happened in the Zuckerberg hack. To make sure crooks never obtain a master key for all your accounts, use a unique password for each profile.
- Check for news of data breaches. Stay up to date on security news as a precaution, should a service you use ever suffer a breach. Data breaches may reveal sensitive information beyond simple passwords, so keep watch on what’s happening in the world of cybercrime. The earlier you learn of an attack, the quicker you can act to take needed security measures.
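To see how the first two tips can be checked in practice, here is an added example (not part of the original article) that audits a password list for weak and reused entries. The site names, the sample vault, the common-password list beyond the two passwords quoted above, and the 12-character minimum are all assumptions made for illustration.

```python
import hashlib
import string
from collections import defaultdict

# Constructed sample data. "password1234" and "dadada" come from the article;
# every other entry and all site names are made up for this example.
COMMON_PASSWORDS = {"password1234", "dadada", "123456", "qwerty", "letmein"}
SAMPLE_VAULT = [
    ("linkedin.example", "dadada"),
    ("twitter.example", "dadada"),
    ("pinterest.example", "dadada"),
    ("bank.example", "T7#vq!Lm2z$Rk9pW"),
    ("mail.example", "sunshine2016"),
]
CHAR_CLASSES = [("letters", string.ascii_letters), ("numbers", string.digits),
                ("special characters", string.punctuation)]

def weaknesses(password, min_length=12):
    """List the ways a password falls short of the complexity advice.
    min_length is an assumed threshold; the article does not give one."""
    issues = []
    if password.lower() in COMMON_PASSWORDS:
        issues.append("on common-password list")
    if len(password) < min_length:
        issues.append(f"shorter than {min_length} characters")
    for name, chars in CHAR_CLASSES:
        if not any(c in chars for c in password):
            issues.append(f"no {name}")
    return issues

def _digest(password):
    # In-memory grouping key only, so the report never handles plaintext.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def audit(vault):
    """Return {site: [findings]} covering weak and reused passwords."""
    sites_by_digest = defaultdict(list)
    for site, password in vault:
        sites_by_digest[_digest(password)].append(site)
    report = {}
    for site, password in vault:
        findings = weaknesses(password)
        others = sorted(s for s in sites_by_digest[_digest(password)] if s != site)
        if others:
            findings.append("reused on " + ", ".join(others))
        report[site] = findings
    return report

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_VAULT).items():
        print(f"{site}: {'; '.join(findings) or 'ok'}")
```

Run against the sample data, the three accounts sharing dadada are each flagged as weak and reused, which is the "master key" situation the second tip warns about.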