Facebook founder Mark Zuckerberg has had extraordinary success at building a social network that has attracted over a billion users. But that’s not to say that he’s had such luck in every other area of IT. Take securing his online accounts from attack, for instance.

To misquote Oscar Wilde’s “The Importance of Being Earnest”:

“To lose control of one social media account, Mr Zuckerberg, may be regarded as misfortune; to lose multiple looks like carelessness.”

The hacking group OurMine has targeted Zuckerberg for the second time in recent months, managing to break into his Pinterest account and posting a message suggesting they could help him with his online security:

“Hacked By OurMine (Read the description)

“hey, it’s OurMine, don’t worry we are just testing your security, please contact us to tell you more about that and help you to keep your accounts safe”

Back in June when Mark Zuckerberg’s Twitter, LinkedIn, Instagram and Pinterest accounts were hacked, the blame was put on him for reusing the same password – the monumentally insecure “dadada” – that was uncovered by the hackers behind the mega-breach at LinkedIn.

OurMine claims that its latest breach of Zuckerberg’s Pinterest account did not rely upon shared credentials being found in leaked databases. Instead it told ZDNet that it relied upon an “exploit on Pinterest”.

Whether such an exploit, if it exists, could be used against millions of other Pinterest users is unclear. OurMine isn’t sharing any more information, which leaves its claim open to question.

The hacking group also claimed to have determined the password for Zuckerberg’s Twitter account, but it was prevented from hijacking that account because, it seems, Facebook’s founder has enabled login verification since he last suffered a breach.

In other words, things could have been worse.

My advice for users is to always choose unique, hard-to-crack, impossible-to-guess passwords for their online accounts, as well as to further harden their defences by enabling two-step verification/two-factor authentication when made available by services.

Multi-factor authentication is not a cast-iron guarantee that your online accounts will never be hacked, but it can certainly make an attack much more difficult to accomplish. When faced with such a challenge, many criminals may decide to find an easier head to scalp.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.