For the third time this year, Mark Zuckerberg has had one of his social media accounts hacked. The group ‘OurMine’ is once again claiming credit.
In June, Mark Zuckerberg had his Pinterest and Twitter accounts hacked, which appeared to be the consequence of poor security decisions – re-using the same simple passwords across multiple services or sites.
Why Mark Zuckerberg?
Zuckerberg isn’t the only victim; accounts of other famous personalities such as Keith Richards and Katy Perry were also hacked. However, Mark Zuckerberg’s account stands out from the rest because he is the CEO of Facebook. Facebook has made tremendous efforts to be privacy conscious and to help its users protect their online identities.
These hacks trace back to a breach of LinkedIn that occurred in 2012. Among the core principles of security best practice are to:
- Change passwords frequently, especially after an attack or data breach.
- Avoid re-using the same password across multiple sites or services.
If the reports are right, Mark Zuckerberg allegedly used the same easy password across multiple sites and continued to do so for the last four years.
Renee Bradshaw, Manager of Solutions Strategy at Micro Focus, said, “It’s starting to look like Zuckerberg committed the very human mistake that hackers are counting for us all to make: The re-use of same passwords across multiple online and social media accounts. By doing this, we increase the risk of a single breach of sensitive user information above a single cloud service and a single period of time.”
Stuart McClure, President and CEO of Cylance, said, “If a smart guy like Mark Zuckerberg can get hacked with easily guessed/obtained passwords, then everybody can.”
According to ZDNet, this time it was different. OurMine claimed to have found a vulnerability on the Pinterest platform that allowed them to hijack Zuckerberg’s account. However, the group did not share any details, which makes the claim nothing more than ‘dubious.’
The group defaced his profile, which temporarily read, “Don’t worry, we are just testing your security” and included a link to the OurMine blog. The changes were quickly reverted. The group also claimed to have hacked Zuckerberg’s Twitter password but was unable to sign in because two-factor authentication was enabled on his account.
What is the group’s motive? It seems they are trying to solicit business. OurMine has been found offering its security services to some of its victims in the past.