Hackers have broken into and defaced Mark Zuckerberg's social media accounts.
The attackers, supposedly belonging to a group known as OurMine Team, broke into the Facebook CEO's personal Twitter, LinkedIn and Pinterest accounts (but not Facebook) and posted messages gloating of their success.
OurMine Team claimed that the hack was made possible by last month's vast dump of LinkedIn member details. Usernames and passwords were obtained during a hack in 2012 and subsequently sold on the dark web.
While LinkedIn took steps to invalidate the stolen credentials, it is possible that the hackers used information shared across multiple services - such as Zuckerberg's email address - to gain access to the accounts.
It is also possible that Zuckerberg has committed the cardinal sin of re-using passwords across different sites. This incredibly dangerous practice is one of the most commonly-cited security flaws, and is frequently criticised by security professionals.
Richard Parris, CEO of cyber security firm Intercede, warned that this breach should be very troubling to everyday users. "If Mr Social Media's accounts can be compromised, with all of the knowledge and resources he and his team have available, we should all be taking notice," he said.
He called for companies like Facebook and Twitter to adopt more secure forms of security, such as biometric or two-factor authentication.
"It's been demonstrated time after time that the simple username and password combination is a fundamentally flawed approach to internet security, but that is typically all we are offered to protect our identity and our data."
"It is time the organisations generating significant revenue from consumers stopped playing fast and loose with security and adopted more sophisticated approaches. They are available, they are easy to implement and they offer much higher levels of security. All it takes is a willingness on behalf of services providers to acknowledge that they have a duty of care to the consumers they serve."
-
The UK government wants quantum technology out of the lab and in the hands of enterprisesNews The UK government has unveiled plans to invest £121 million in quantum computing projects in an effort to drive real-world applications and adoption rates.
-
Netgear WBE710 reviewReviews The compact WBE710 delivers great cloud management features and a good turn of Wi-Fi 7 speed – but it does have a premium price tag
-
Latest Meta GDPR fine brings 12-month total to more than €1 billionNews Meta was issued with two hefty GDPR fines for “forcing” users to consent to data processing
-
"Unacceptable" data scraping lands Meta a £228m data protection fineNews The much-awaited decision follows the scraping of half a billion users' data and received unanimous approval from EU regulators
-
Meta notifies around 1 million Facebook users of potential compromise through malicious appsNews The vast majority of apps targeting iOS users appeared to be genuine apps for managing business functions such as advertising and analytics
-
Facebook business accounts hijacked by infostealer malware campaignNews Threat actors are using LinkedIn phishing to seize business, ad accounts for financial gain
-
Meta begins encrypting Facebook URLs, nullifying tracking countermeasures
News The move has made URL stripping impossible but will improve analytics
-
Meta hit with €17 million fine over multiple GDPR breachesNews The social media giant set aside over €1 billion in November to help it cope with potential fines arising from data protection investigations
-
Meta says Apple's iOS privacy changes will cost it $10 billion in 2022News The company's CFO suggests Google "faces a different set of restrictions" because it pays Apple to remain the default iOS search engine
-
Google, Facebook fined €210 million for making it difficult for users to reject cookiesNews Data regulator CNIL gives companies three months to provide a system for refusing cookies that is as easy as single click consent
