[link to www.telegraph.co.uk]
When Mark Zuckerberg first built Facebook in his Harvard dormitory, he joked about the disregard that the social network's early users apparently had for their security.
“I have over 4,000 emails, pictures, addresses… people just submitted it. I don’t know why. They ‘trust’ me. Dumb f***s,” he told a friend.
As it turns out, Zuck’s own security credentials don’t live up to the mark: On Sunday night, both his Twitter and Pinterest accounts were broken into.
The hackers that accessed his account – a group called OurMine – did not reveal or tweet anything damaging; they simply posted messages revealing that the account had been accessed.
The consequences could have been a lot worse, of course. Private messages or personal account information could have been accessed, especially if Zuckerberg was a little more active on the rival social networks than he is (his last tweet was in 2012 and he has pinned a grand total of four items).
But it’s not just this that should worry us. It’s the brutal simplicity with which the boss of the world’s biggest social network had his accounts compromised.
It was this simple: In 2012, hackers stole 117 million password and email combinations from LinkedIn. A few weeks ago, the cache was put up for sale on the dark web for around £1,500. Located in that list, reportedly, was Mr Zuckerberg.
His password, unbelievably, was “dadada”, itself a security nightmare: it would take under 25 seconds for a brute force attack to crack it, according to one password checker. No capital letters, numbers or any other device. In security rankings, it sits not too far above “abcdef” and “p4ssw0rd”.
Not only that, Zuck had the same password for Pinterest and Twitter as he did for LinkedIn. Once hackers had his LinkedIn password, it didn’t really matter how complex it was: it’s just as easy to copy and paste a 26-character string of gibberish as “dadada”.
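The point above, as an added example that is not part of the original article: a password check that consults a breach corpus before it looks at brute-force strength, so a long reused password is rejected just like "dadada". The guessing rate, the one-year threshold, the function names and the sample corpus are assumptions constructed for illustration.

```python
import hashlib
import string

# Assumed offline guessing rate; real rates vary widely by hash and hardware.
ASSUMED_GUESSES_PER_SEC = 1e9
# Assumed policy: a password must survive a year of exhaustive guessing.
MIN_SECONDS = 365 * 24 * 3600

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def keyspace(password: str) -> int:
    """Brute-force search space for the character classes actually used."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return max(pool, 1) ** len(password)


def digest(password: str) -> str:
    """Hash used to look a candidate up without storing leaked plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed stand-in for a leaked credential dump: the password named in
# the article plus a made-up 26-character string that was "reused" elsewhere.
LONG_REUSED = "kT9#vLq2ZpR7!xWd4MbY8sHc$E"
BREACHED = {digest(p) for p in ("dadada", "p4ssw0rd", LONG_REUSED)}


def assess(password: str, breached=BREACHED):
    """Return (verdict, seconds_to_exhaust); the breach check runs first."""
    seconds = keyspace(password) / ASSUMED_GUESSES_PER_SEC
    if digest(password) in breached:
        # Complexity is irrelevant once the exact string is in a dump.
        return "breached", seconds
    if seconds < MIN_SECONDS:
        return "weak", seconds
    return "ok", seconds


if __name__ == "__main__":
    for pw in ("dadada", LONG_REUSED, "abcdef", "Gm4&zQw8!nVb2^Rt6*Yh"):
        verdict, seconds = assess(pw)
        print(f"{pw!r:32} {verdict:9} {seconds:.3g} s to exhaust")
```
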