Over the weekend, hackers briefly infiltrated several social media accounts, including a LinkedIn account, held by Facebook founder Mark Zuckerberg, apparently tapping into passwords that he reused, according to various reports.
Zuckerberg’s Twitter account was hacked by OurMine Team, which posted a tweet from his account noting, "Hey, @finkd You were in Linkedin Database with the password (blanked out)! DM for proof …" according to a copy of the tweet posted on Engadget June 5, before it was removed from the Twitter site.
In addition to the Twitter and LinkedIn account breaches, the OurMine Team claimed to have compromised Zuckerberg's Pinterest and Instagram accounts. However, according to the Engadget report, Facebook denied hackers gained access to Zuckerberg's Instagram account. Instagram is owned by Facebook.
OurMine claimed in its hijacked Zuckerberg tweet that it was interested in "just testing (Zuckerberg’s) security."
In the case of the Zuckerberg hack, OurMine's reference is to the LinkedIn database that was breached in 2012. The scope of the breach came back into the news in May of this year, when hackers announced that they were willing to sell information related to the 117 million accounts that were compromised.
If that's all true, then Zuckerberg also used his LinkedIn password for the Twitter and Pintrest accounts that OurMine claimed to have compromised during this past weekend.
Security experts repeatedly warn against reusing passwords on other websites, stressing that the practice creates something like a master key that can unlock a number of doors.
[Read how Facebook is using AI to understand text.]
"If a user registers the same passwords on multiple sites, then the problem is magnified far beyond LinkedIn," Morey Haber, vice president of technology at BeyondTrust, told InformationWeek in a previous interview.
Zuckerberg was not the only high-profile person to have his Twitter account hacked.
Singer Katy Perry had her Twitter account compromised last week by a hacker who spewed racial slurs, according to The Verge, and over the weekend Keith Richards Twitter was hacked, as well as Tenacious D and Bon Iver, according to a Billboard report.
In the case of Tenacious D, hackers used that Twitter account to falsely announce the death of Jack Black, while Bon Iver's Twitter was used to spread false cancer rumors regarding the musician, according to Billboard.