- Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts were compromised over the weekend, but have since been secured, a company spokesman said Monday.
- Though Zuckerberg has not actively used his Twitter since January 2012, a tweet posted from his account said his password—"dadada"—was in the LinkedIn database exploit. The tweet claimed to have accessed the account and asked Zuckerberg to directly contact them for proof.
- Meanwhile, Zuckerberg's Pinterest page had a headline displaying "Hacked By OurMine Team," which said it was testing his security and asked Zuckerberg to contact them via Twitter.
Though Zuckerberg had two social media accounts compromised, his Facebook page remained unaffected. A Facebook spokesman told Reuters that Zuckerberg's Twitter and Pinterest accounts were "re-secured using best practices" and that "no Facebook systems or accounts were accessed."
Based on claims made via Zuckerberg's own Twitter account, the LinkedIn data breach was to blame for the breach of Zuckerberg's accounts. Last month, LinkedIn confirmed that the 2012 data breach, which revealed email and password combinations, had compromised about 117 million accounts in addition to the 6.5 million passwords previously reported to have been stolen. Though LinkedIn is working to invalidate the passwords, username and password combinations have already been exposed. If users employed the same password across their online accounts, millions more accounts could be at risk.
A Twitter spokesman recommended that people "use a unique, strong password for Twitter" because "a number of other online services have seen millions of passwords stolen in the past several weeks."
But asking users to have unique passwords is easier said than done. In a recent study by Gigya, only 16% of respondents said they follow password best practices with unique passwords for each online account. With the constant looming threat of ransomware and DDoS attacks, user behavior remains a leading cybersecurity risk.
If the LinkedIn data breach is indeed to blame for Zuckerberg's compromised accounts, it serves as another example of password reuse gone wrong. TeamViewer, a service that allows users to remotely log into computers, recently had a number of its accounts become compromised, but pinned the blame on recent password breaches on LinkedIn, MySpace, and other networks.
Some organizations are working to eliminate traditional passwords. Microsoft, for example, is working to ban common passwords found in data breaches to stop users from employing them. Google, too, is working to replace Android passwords with biometrics.