There are several lessons to be learned from a data breach in which hackers gained access to Mark Zuckerberg’s social media accounts, but chief among them is probably this: stop using the same password for multiple websites.
A collective that calls itself OurMine boasted that it had broken into a handful of the accounts, including Pinterest, Twitter and LinkedIn. Screengrabs posted by Engadget showed the hackers notifying Mr. Zuckerberg of the breach using his own Twitter account. Bold move.
“we’re only testing your security,” the tweet read.
In a statement released on Monday, LinkedIn said that it had discovered and removed a fake profile that had been created of Mr. Zuckerberg.
“We were alerted of this takeover attempt and have taken action to remove the bogus profile on LinkedIn,” the statement read.
The firm declined to address whether the hack was the result of a larger data breach in 2012 that endangered over 100 million accounts. LinkedIn has taken steps to invalidate passwords from senior accounts, but the breach against Mr. Zuckerberg reveals that some accounts, especially those that are old or dormant, remain at risk.
“No Facebook systems or accounts were got. The affected accounts have already been re-procured using best practices,” the statement read.
If your account has been compromised, change your password.
Graham Cluley, an online security expert and advisor, said that using the same passwords was a likely reason behind the Zuckerberg hack. (OurMine’s Twitter account has since been suspended.)
“It reveals it can happen to anyone — even geeks,” Mr. Cluley said. “The difficulty is that if you have embraced sensible password practices nowadays, your previous mistakes may come back to haunt you.”
He also said that wherever possible, you should enrol in two-step verification, which sends an authorization code to the user’s cellphone before the account can be opened. Most social platforms exposed to hacking, including LinkedIn, Gmail and Twitter, offer it.
Troy Hunt, the creator of Have I Been Pwned and an online security pro, reiterated that a password manager was the most dependable means to stay safe.
“Without this, we risk exposing sensitive info in a sense that it can set other accounts at risk, particularly via a data infraction of one site, which is becoming an alarmingly common event,” he said.
In a statement to its users on Monday, LinkedIn reiterated its recommended strategies: “All members should be careful to manage and change passwords across other websites, prevent reuse, leverage advanced security features, and update frequently.”