It seems nobody is immune to hackers – not even Mark Zuckerberg.
Just weeks after major password dump from professional networking site LinkedIn was discovered, hackers found the Facebook founder's details on the leaked database of 117 million passwords, and were able to gain access to his Twitter and Pinterest accounts.
Though the account on his own website remains secure, it seems Zuckerberg was not so strict about maintaining security practises across other social networks, and has made the rookie's mistake of using the same password across multiple services.
Yesterday, someone claiming to be from hacker group OurMine Team tweeted from his account 'You were in LinkedIn Database with the password 'dadada'! DM for proof…'
The name of his Pinterest account was changed to read 'Hacked by OurMine Team,' and a message posted on his compromised Twitter account read: 'Hey we got access to your Twitter & Instagram & Pinterest, we are just testing your security, please direct message us.'
The hackers also claimed to have accessed Zuckerberg's Facebook and Intagram accounts, although Facebook denies this, telling VentureBeat that: 'No Facebook systems or accounts were accessed.'
> See also: 117 million LinkedIn users' data up for sale over Darknet
Zuckerberg has not posted on Twitter since 2012, and has only created about four 'pins' on Pinterest, but the hack highlights the serious extent to which password re-use, and simple forms of authentication, can have huge knock on effects to online security.
'It also serves as a reminder that two-step verification, which LinkedIn supports for all of its users, is not enough in this age of rapidly advancing attacker capability,' said Stephen Cox, Chief Security Architect, SecureAuth.
Cox argues that we must innovate in our approach to authentication, taking us far beyond traditional username and password and even vanilla two-factor approaches.
'The cumbersome early days of multi-factor authentication cast a shadow on the technology, but times have changed. Adaptive authentication techniques have a unique advantage of increasing security without a major impact to user experience.'
> See also: Why LinkedIn is a prime target for hackers
Added to this when even those that should know better, like Mark Zuckerberg, fail to stick to the most basic principles, the security industry is clearly not doing a good enough job to educate people.
'Progress will require a reframing of our understanding of what is safe behaviour when connected,' said Cox. 'We must be increasingly vigilant around protecting our identities online.'
Some ways to get started include : avoiding password reuse across multiple sites, adopting the use of a password manager to allow for more complex passwords, and enabling two-factor authentication wherever possible.
