Posts

Zuckerberg Hacked: How Not to Be Like Mark


Mark Zuckerberg Hacked Because of Weak Passwords

It seems Mark Zuckerberg might be a little lazy, or a little stupid, or at the very least a little embarrassed. The undisputed king of social media has had two of his social media accounts hacked. Granted, it was not his Facebook account—just his Pinterest and Twitter accounts, the latter of which he hasn’t used since 2012. A Saudi Arabian hacker team named OurMine has taken credit for the attack, claiming they got his password from the recent dump of information obtained in the LinkedIn data breach from 2012.

Let’s see where Mr. Zuckerberg went wrong by using the safe password development tips (in bold below) from his very own creation: Facebook.

**Make sure your password is unique, but memorable enough that you don’t forget it.** Supposedly, Zuckerberg’s password was “dadada”.

**Don’t use a password that you use on other sites – if one site gets hacked and your password is stolen, hackers will often try it on other sites.** Clearly, he used it on at least three sites.

**Don’t share your password with anyone. If you think someone else has it, you should change it.** When LinkedIn was hacked four years ago, he evidently did not change it on the other sites.

Instead of picking on him further, let’s talk about how this applies to someone really important: you and me.

While Mr. Zuckerberg has had to eat a little humble pie, he likely won’t suffer any serious damage from this incident. Others, however, aren’t so lucky. More than 100 users of TeamViewer, a German software company whose software gives users remote access to computer desktops, have had accounts taken over since the LinkedIn data was made public. The criminals then used TeamViewer to authorize transactions through Amazon or PayPal. The company believes the activity is linked to the recent rash of data disclosures.

There is also the strong possibility that users of LinkedIn may be more likely to use those same passwords in their professional lives. That could expose users’ business data or allow hackers to take over accounts at job or travel sites.

I am constantly amazed by the corporations that I speak to that haven’t yet instilled strong password habits among their employees. They spend hugely on intrusion detection, but don’t take the time or minuscule investment required to solve what I call a gatekeeper flaw. Employees are the gatekeepers of your valuable data, and if they don’t protect it with strong passwords, no amount of security software will cover this inexcusable and easily solvable mistake. 
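One way to enforce the habit is to screen passwords at the moment they are set. The following is an added example, not code from this article: it rejects candidates that are short, built from one repeated unit, or that match a corpus of leaked-password SHA-1 digests, either as typed or after stripping trailing digits and symbols. The five-entry corpus, the 12-character minimum and all function names are assumptions constructed for illustration.

```python
import hashlib
import re


def sha1_hex(text: str) -> str:
    # SHA-1 is used only to match the corpus format, never to store passwords.
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


# Constructed sample corpus of unsalted SHA-1 digests, standing in for a
# leaked-password list. A real deployment would load a full breach corpus.
BREACHED_SHA1 = frozenset(
    sha1_hex(p) for p in ("dadada", "123456", "password", "linkedin", "qwerty")
)

MIN_LENGTH = 12  # assumption for this example, not a figure from the article


def variants(candidate: str) -> set:
    """Forms a guesser would also try: lowercased, trailing digits/symbols removed."""
    lowered = candidate.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {candidate, lowered, stripped} - {""}


def is_repeated_unit(candidate: str) -> bool:
    """True if the whole password is one short unit repeated, e.g. 'dadada'."""
    return re.fullmatch(r"(.{1,4})\1+", candidate) is not None


def screen_password(candidate: str, breached=BREACHED_SHA1) -> list:
    """Return the reasons to reject `candidate`; an empty list means accept."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    if is_repeated_unit(candidate):
        reasons.append("repeated pattern")
    if any(sha1_hex(v) in breached for v in variants(candidate)):
        reasons.append("found in breach corpus")
    return reasons


if __name__ == "__main__":
    for pw in ("dadada", "Password2016!", "correct horse battery staple"):
        print(repr(pw), "->", screen_password(pw) or "accepted")
```

Note that “Password2016!” passes the length rule and is still rejected, because dropping the trailing digits and symbol leaves a word that is in the corpus.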

How are you training your people on strong passwords? 

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

iCloud Hacked for Nude Jennifer Lawrence Photos? How to Keep from Being Next

Unless you’ve been living under a rock (or haven’t been on the internet in the past 24 hours), you most likely know that intimate photos of celebrities like Jennifer Lawrence and Kate Upton have been exposed (pardon the pun) to the public.

While it is not yet verified, Apple has said it is “actively investigating” the possibility that iCloud accounts have been hacked.  The photos surfaced immediately after an Apple “Find My iPhone” exploit was revealed, so Apple’s own security is being questioned. As of now, Apple is saying that iCloud has not been systematically hacked, but that the breach of celebrity photos was a limited, targeted attack. Whether or not iCloud was exploited in any way for these pointed attacks hasn’t been determined.

The sad truth is that this most likely boils down to user error (weak passwords by celebrities) rather than a sophisticated hacking attempt. A brand new exploit, called “iBrute”, allows hackers to try one common password after another until they find one that works. They can then access the iCloud account if they know the email address for the Apple ID (which is probably your regular address).

This is but the tip of the iceberg of cloud-based security hacks.  So, to keep yourself safe on iCloud, change your password and turn on 2-step verification:

  • Log in to My Apple ID.
  • Click “Manage your Apple ID” and sign in.
  • Select “Password and Security” and answer your security questions (if requested).
  • For starters, reset your Apple ID password and make it a long, strong, alpha-numeric phrase like Th3 h!ll$ @r3 @l!v3 (The hills are alive).
  • Under “Two-Step Verification,” click “Get Started,” and follow the instructions. Two-step verification does take an extra step to log in to your account, but it also gives you a layer of security that makes it exceptionally difficult to hack.
