According to multiple published reports, Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts were briefly hijacked by a hacker over the weekend. According to the hacker "OurMine Team," the passwords to both of Zuckerberg's accounts were "dadada," the same password the hacker claims that Zuckerberg had used at some point for his LinkedIn account, and which was leaked as a result of the now infamous LinkedIn password data leak.
It should be noted that Zuckerberg barely used his Pinterest account and, other than one tweet in 2012, has not tweeted since 2009, so we are talking about a takeover of what are effectively abandoned accounts, not active social media profiles. That is a security violation orders of magnitude less problematic than, for example, a compromise of Zuckerberg's Facebook account would have been. That said, this episode should remind all of us to properly secure our social media accounts.
As I mentioned last week after Katy Perry's Twitter account was taken over by an unauthorized party, there are several steps that you can, and should, take to protect your social media accounts:
1. Enable two-factor authentication - Twitter, for example, allows people to turn on a feature that requires anyone logging into an account for the first time from a particular device to enter a one-time code that the platform texts to the account holder's cellphone. Such a system makes it harder for criminals to hijack an account, and would have prevented a hacker from taking over Mark Zuckerberg's Twitter account without also gaining access to Zuckerberg's phone. To be fair, Zuckerberg has not used his Twitter account in years, and the feature was not available when he tried out Twitter; he also may not have cared to enable it afterward, considering that his account was all but abandoned. If you do use Twitter regularly, however, you should be using multi-factor authentication.
2. Utilize strong passwords for social media accounts - "dadada" is not a strong password. For more information on how to select strong passwords that are easy to remember please see the article entitled: How To Create Strong Passwords That You Can Easily Remember.
3. Do not reuse social media passwords on multiple accounts or for other accounts - A leak of Mark Zuckerberg's LinkedIn password would not have led to his Twitter or Pinterest accounts being hijacked if the passwords had been different. They must also not be similar enough for someone to extrapolate one from the other: if your LinkedIn password is LinkedIn123, a hacker may try Twitter123 for your account at Twitter (these are weak passwords and should not be used anyway).
4. Utilize social media alerts - people using SecureMySocial, for example, receive alerts if inappropriate tweets are issued from their accounts (the tweets would even be automatically deleted if the alert system is so configured) - so they would know immediately that their accounts had been hijacked and be able to react far faster than otherwise. Zuckerberg's accounts may have been restored to his ownership faster if such a system had been in place.
5. Do not accept "friend" or "connection" type requests from unknown parties - The people issuing those requests may have nefarious purposes for trying to access your personal information, and obtaining control of your social media accounts may be one of their goals. For more details about this risk please see the article How to Protect Yourself From LinkedIn-Based Scams.
6. Practice good general information-security hygiene - Doing so helps protect social media accounts, for example by preventing malware from capturing passwords and one-time codes. Of course, keeping yourself cyber-safe provides value in other areas of your life as well. For some tips please see the article 13 Tips to Achieve Great Cybersecurity Without Spending a Fortune.
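Points 2 and 3 above describe the two failures behind this incident: a weak password, and the same password (or a site-name variant of it) reused across accounts. The following is an added example, not code from the article or from any of the services named; it is a hypothetical password-policy check that rejects "dadada"-style passwords, catches verbatim reuse, and catches the LinkedIn123/Twitter123 pattern by normalizing away site names and trailing digits. The breach list is a constructed stand-in and the site-token list is an assumption.

```python
import hashlib
import re

# Constructed stand-in for a breach corpus (the real LinkedIn dump is not included):
# only hashes are stored so the checker never holds cleartext leaked passwords.
LEAKED_SHA256 = {
    hashlib.sha256(p.encode()).hexdigest() for p in ("dadada", "linkedin123", "123456")
}

# Assumed list of site names that people commonly splice into a shared base password.
SITE_TOKENS = ("linkedin", "twitter", "pinterest", "facebook")


def normalize(password: str) -> str:
    """Lower-case, drop site names and a trailing digit run, so that
    'LinkedIn123' and 'Twitter123' collapse to the same core string."""
    core = password.lower()
    for token in SITE_TOKENS:
        core = core.replace(token, "")
    return re.sub(r"\d+$", "", core)


def check_password(candidate: str, used_elsewhere: list[str]) -> list[str]:
    """Return the reasons a candidate password should be rejected.
    An empty list means no problem was found."""
    problems = []
    if hashlib.sha256(candidate.encode()).hexdigest() in LEAKED_SHA256:
        problems.append("appears in a known breach list")
    if len(candidate) < 12:
        problems.append("shorter than 12 characters")
    if len(set(candidate)) < 4:
        problems.append("fewer than 4 distinct characters")
    for old in used_elsewhere:
        if candidate == old:
            problems.append("reused verbatim from another account")
        elif normalize(candidate) == normalize(old):
            problems.append("trivial variant of a password used elsewhere")
    return problems


if __name__ == "__main__":
    cases = (
        ("dadada", ["dadada"]),                                # the Zuckerberg case
        ("Twitter123", ["LinkedIn123"]),                       # site-name variant
        ("correct-horse-battery-staple-42", ["LinkedIn123"]),  # passes
    )
    for cand, old in cases:
        print(cand, "->", check_password(cand, old) or "ok")
```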