Mark Zuckerberg's Twitter and Pinterest Accounts Hacked
June 06 2016 - 10:20PM
Dow Jones News
Facebook Inc.'s first "security tip" for users is, "Don't use
your Facebook password anywhere else online."
If only Chief Executive Mark Zuckerberg had heeded that
advice.
Mr. Zuckerberg's Twitter Inc. and Pinterest Inc. accounts were
taken over in recent days because he reused a password: "dadada,"
according to a person familiar with the matter. The password had
appeared last month in a database of more than 100 million
usernames and passwords stolen in 2012 from LinkedIn Corp., the
person said. Mr. Zuckerberg appears to have reused "dadada" to log
into Twitter and Pinterest, allowing hackers to take over those
accounts.
The age-old advice to not re-use passwords is particularly
timely at the moment. Beyond the LinkedIn theft, there were also
recent leaks of 360 million email addresses and passwords belonging
to users of MySpace.com. Since May, the website Leakedsource.com,
which sells access to the stolen information, has added close to
one billion records to its database, a LeakedSource representative
said Monday.
The passwords may be several years old, but they can still be
useful to hackers, who then use them to try to break into other
accounts, hoping that they will stumble on users, like Mr.
Zuckerberg, who reuse their passwords.
"You have hundreds of millions of keys and you can try them on
any major collection of locks you can find," said Alex Holden, the
chief information security officer with Hold Security LLC, a
company that investigates data breaches.
The publicity around the hack of Mr. Zuckerberg's accounts may
prompt other attackers to take advantage of the stolen data in the
same way, said Liam O'Murchu, director of Symantec Corp.'s security
response team.
For Mr. Zuckerberg, the consequences of his account takeovers
weren't severe. The hacker who took over his Twitter account posted
his highly insecure "dadada" password to the site. That was
embarrassing, but Mr. Zuckerberg is hardly a power Twitter user: He
has tweeted only 19 times, most recently in 2012.
For a time on Sunday, Mr. Zuckerberg's Pinterest page said
"Hacked by OurMine Team." The group said it was "just testing" Mr.
Zuckerberg's security.
Others have been less fortunate. More than 100 users of
TeamViewer GmbH, a German software company whose software gives
users remote access to computer desktops, have had accounts taken
over since the LinkedIn data was made public. The company believes
the activity is linked to the recent rash of data disclosures.
Hundreds of TeamViewer users have taken to Reddit in recent days
to discuss the account takeovers, with many saying that criminals
had then used TeamViewer to take control of their computers and
authorize transactions through Amazon.com Inc. or PayPal Holdings
Inc.
"These cases of account abuse do not hinge on a TeamViewer
vulnerability," a TeamViewer spokesman said Monday. "They are the
result of account and particularly password mismanagement."
Researcher Gartner Inc. says more than two-thirds of consumers
reuse their passwords. But Mr. Holden of Hold Security believes the
LinkedIn breach may present a particularly alluring opportunity for
criminals, because users are likely to reuse their LinkedIn
passwords in their professional lives. That could expose users'
business data or allow hackers to take over accounts at job or
travel sites.
"I would be worried about this being available to a great many
people," Mr. Holden said. "It looks like some of this data is
already available publicly to many malicious individuals."
"A number of other online services have seen millions of
passwords stolen in the past several weeks. We recommend people use
a unique, strong password for Twitter," a Twitter spokesperson
said.
Pinterest echoed that advice. "We recommend everyone use a
strong and unique password that isn't used on other sites," a
spokeswoman said.
Deepa Seetharaman contributed to this article.
Write to Robert McMillan at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
June 06, 2016 22:05 ET (02:05 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.