Late last month there was a major leak at LinkedIn that saw the passwords of 6.5 million users leaked online. It later became clear that the massive leak meant that 60% of the passwords used on the LinkedIn social network had been cracked. Among the users caught in that LinkedIn leak was none other than Facebook CEO and founder Mark Zuckerberg. Zuckerberg wasn’t the most secure user on these networks, apparently using the same password for LinkedIn as he did for Twitter and Pinterest.
Over the weekend, his Twitter and Pinterest accounts were hacked, and the group claiming responsibility for the hack is the OurMine Team. The group says the hacks were thanks to the LinkedIn password dump. Zuckerberg isn’t exactly prolific on either of those networks; his Twitter account has lain dormant since 2012. That doesn’t mean Twitter didn’t react quickly: his account was suspended and then reactivated with the tweet claiming the hack removed.
Presumably, Zuck used a different password for his Facebook account than he did at these other networks. According to the taunt posted to the Twitter account, the password was “dadada”, which isn’t exactly secure to begin with. The hacker group did claim to have compromised Zuckerberg’s Instagram account as well, but Facebook issued a statement denying that the Instagram account was hacked.
Facebook also noted that no Facebook accounts or systems were accessed. The offending accounts have since been re-secured. Zuckerberg does have a Google+ account, but that account wasn’t hacked. The LinkedIn hack that led to the compromised Zuckerberg accounts was in part because of the way that the passwords were stored at LinkedIn. Reports indicate that the passwords were stored as SHA-1 hashes, but weren’t salted. When data is salted, an extra string is added to the password before it is hashed to prevent brute-force dictionary attacks.
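To make the difference concrete, here is an added example (not from the article or from LinkedIn's code) that stores the same constructed accounts two ways: bare SHA-1 as the reports describe, and with a per-user random salt. The account names, the choice of PBKDF2-HMAC-SHA256 as the salted scheme, and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def unsalted_sha1(password: str) -> str:
    """Scheme the reports describe: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password: str, iterations: int = 200_000) -> dict:
    """Per-user random salt fed into a deliberately slow KDF (assumed parameters)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def duplicate_groups(digests: dict) -> list:
    """Audit check: groups of users whose stored digests are identical."""
    by_digest = {}
    for user, digest in digests.items():
        by_digest.setdefault(digest, []).append(user)
    return sorted(sorted(group) for group in by_digest.values() if len(group) > 1)


# Constructed sample accounts; two users share the password quoted in the article.
ACCOUNTS = {"alice": "dadada", "bob": "dadada", "carol": "correct horse battery staple"}


def compare_schemes():
    """Return (unsalted duplicate groups, salted duplicate groups, salted records)."""
    unsalted = {user: unsalted_sha1(pw) for user, pw in ACCOUNTS.items()}
    salted = {user: salted_record(pw) for user, pw in ACCOUNTS.items()}
    salted_digests = {user: rec["digest"] for user, rec in salted.items()}
    return duplicate_groups(unsalted), duplicate_groups(salted_digests), salted


if __name__ == "__main__":
    unsalted_dupes, salted_dupes, _ = compare_schemes()
    print("identical digests without salt:", unsalted_dupes)
    print("identical digests with salt:   ", salted_dupes)
```

Without a salt, every account sharing a password shares a digest, so one recovered password exposes all of them; with a per-user salt the stored values differ even when the passwords match.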