Mark Zuckerberg was hacked. How can any of us stay safe?

A group known as OurMine Team claimed responsibility for hacking social media accounts belonging to the Facebook CEO, who used the same simple password.

Eric Risberg/AP/File
Facebook CEO Mark Zuckerberg delivers the keynote address at the F8 Facebook Developer Conference in San Francisco in April. Over the weekend, hackers broke into several of Mr. Zuckerberg's social media accounts, revealing that he had used the same simple password.

Tech billionaires: they forget their passwords, just like us.

A group of hackers broke into Mark Zuckerberg's Twitter and Pinterest accounts over the weekend, revealing the Facebook CEO had reused the same password across several sites.

The hacking group that claimed responsibility, known as OurMine Team, said it obtained Mr. Zuckerberg's password, identified as "dadada," through a large-scale hack of passwords from LinkedIn that originally occurred in 2012.

Zuckerberg had last used his account on social media rival Twitter in 2012, but the hackers also claimed to have broken into his account on Instagram, which is owned by Facebook, a charge the company denied.

While the hack wasn't seriously damaging, it does illustrate a number of problems with passwords made up of letters and numbers.

People often reuse passwords or continue to use "123456" or a variety of passwords that reference "Star Wars," according to one annual "worst passwords" list. But there's also the issue that even passwords that are technically strong are easy for computers to guess.

That's because of increasingly sophisticated software that can use "brute force" – many attempts over and over again – to crack a password. Typically, experts advise using passwords that are 12 characters or longer. Variations in spelling, capitalization, numbers and punctuation also make passwords stronger.

To combat password-cracking software, security expert and cryptographer Bruce Schneier recommends taking a sentence that's personally memorable and turning it into a password.

Examples from the site LifeHacker include:

WOO!TPwontSB = Woohoo! The Packers won the Super Bowl!

PPupmoarT@O@tgs = Please pick up more Toasty O's at the grocery store.
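The advice above can be enforced by a service at signup or password change. The following is an added example, not code from the article or the sources it cites: it screens a candidate password for presence in a breach corpus, for length under 12 characters, and for simple repetition. The three-entry corpus, the function names and the 33-symbol punctuation class are assumptions made for illustration. The bit figure is only an upper bound on exhaustive search, and a password already in a breach list fails regardless of its length.

```python
import hashlib
import math
import string

MIN_LENGTH = 12  # minimum length the article's experts advise

# Constructed stand-in for a breach corpus, held as SHA-1 digests (assumption:
# a real deployment would load a published breached-password set instead).
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("dadada", "123456", "starwars")
}

def charset_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = 0
    for alphabet in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in alphabet for c in password):
            size += len(alphabet)
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33  # ASCII punctuation plus space; other symbols counted here too
    return size

def brute_force_bits(password):
    """Upper bound, in bits, on the work of a pure brute-force search."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))

def repeating_unit(password):
    """Return the shortest block the password is built from by repetition."""
    n = len(password)
    for k in range(1, n // 2 + 1):
        if n % k == 0 and password[:k] * (n // k) == password:
            return password[:k]
    return None

def screen_password(password):
    """List the reasons a candidate password should be rejected at signup."""
    problems = []
    if hashlib.sha1(password.encode()).hexdigest() in BREACHED_SHA1:
        problems.append("breached")
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if repeating_unit(password) is not None:
        problems.append("repeated_pattern")
    return problems
```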

Security experts say using a password manager to keep track of different passwords for a range of sites is also important. They advise enrolling in so-called two-step verification, offered by services such as Gmail and LinkedIn, which sends users a code on their phone each time they want to open their account.

Another important tip is to avoid disclosing personal information online to sources you can't verify, such as the email saying you need to change your Twitter password that appears to come from a strange domain.

It's not clear why OurMine Team decided to hack Zuckerberg's accounts, though the hackers have been involved in other seemingly random or malicious attacks, such as on educational game Minecraft and the website WikiLeaks.

Zuckerberg's position at Facebook — one of the world's largest holders of online data — coupled with comments he once made calling the site's users "dumb" for sharing so much information, may have made him an attractive target.

But more troubling, some consumer advocates say, are the lesser-known data brokers that can offer up millions of users' information for a price.

"It's great that some companies, like Google and Facebook, have very public privacy information, but there are layers and layers of companies who are buying and selling this information whose names you've never heard of using algorithms in ways you could never even imagine," Persis Yu, an attorney at the National Consumer Law Center, said during a panel discussion at the Massachusetts Institute of Technology in March.

Those concerns have fueled the use of alternatives to traditional passwords, such as fingerprints to verify a customer's identity. Google and Amazon have also been testing technology that lets people verify a payment by taking a selfie.

But until better technology becomes commonplace, taking security precautions is still important, many say.

"In possibly just a few years, passwords will be just one part of a larger continuum of security measures that include chip-and-PIN tools on your credit card, iris scans, facial recognition, and much more," notes Uproxx's Dan Seitz. "Until then, the responsibility of protecting our data falls to us."
