A group of hackers compromised the Twitter and Pinterest accounts of Facebook founder Mark Zuckerberg.
On Sunday, a hacker group known as “OurMine” found Mark Zuckerberg’s information in data from the 2012 LinkedIn security breach.
Curious, the hackers decided to test his LinkedIn password, which was apparently “dadada,” across multiple social media accounts.
Ars Technica reports that the group quickly obtained access to Zuckerberg’s Twitter and Pinterest accounts, then abused that unauthorized access to plaster its logo on the Facebook founder’s compromised profiles and to send out offensive messages.
Ouch. Mark Zuckerberg's social media accounts have been hacked pic.twitter.com/KvVmXOIg5s
— Ben Hall (@Ben_Hall) June 5, 2016
OurMine is well known for hacking social media profiles, though it has since expanded its activities to launching distributed denial-of-service (DDoS) attacks against financial institutions, writes Catalin Cimpanu of Softpedia.
The group is believed to consist of a small number of teenage hackers based in Saudi Arabia.
After OurMine successfully took over Mark Zuckerberg’s accounts, Twitter and Pinterest both sprang into action to remove traces of the group’s activities.
The hackers claim to have also gained access to the Facebook founder’s Instagram account, but Facebook, which owns the photo-sharing application, has denied those claims, stating: “No Facebook systems or accounts were accessed.”
Stephen Cox, chief security architect at SecureAuth, feels this hack and the LinkedIn breach more generally demonstrate the dangers of poor password practices:
“The news that Mark Zuckerberg’s Twitter and Pinterest accounts have been breached following the LinkedIn attack goes to show the serious extent to which password re-use, and simple forms of authentication, can have huge knock-on effects to online security.”
To protect their information against future security breaches, users should never recycle one password across multiple accounts. Instead, they should create a strong, unique password for each of their web accounts. They should also consider implementing two-step verification (2SV) or two-factor authentication (2FA) on their accounts as an additional layer of security.