Cybersecurity failures are so frequent that they even happen to individuals we'd expect to have taken better precautions. That's certainly the case with Facebook founder Mark Zuckerberg, whose social media accounts were hacked due to a poor password. The breach illustrates two common mistakes that many users make when creating account passwords, and why passwords are a crucial part of endpoint security.
What Happened to Zuckerberg
In May 2016, LinkedIn confirmed that credentials for more than 100 million of its users were stolen in 2012. Much of the compromised data was only posted on the dark web by hackers that month—four years later. Against best practices, LinkedIn had encrypted the credentials with merely the SHA1 algorithm but had not added salt, making the data easy to breach. One of the victims of the hack was Zuckerberg.
Presumably, the cyber criminals quickly discovered Zuckerberg's weak password: dadada. Then they likely checked to see if he reused this password elsewhere, and since he had, they were able to break into his Twitter and Pinterest accounts, and possibly others (though not Facebook). They defaced Zuckerberg's social media presence, which was undone quickly, after he was able to restore access.
Zuckerberg's story shows how making two common mistakes can catch up with a user years later. First, he chose a weak password. Second, he reused the same password on multiple accounts, which allowed for multiple breaches. You can avoid these errors by following basic techniques to ensure that your password can't be easily uncovered.
The Role of Password Security
Of the multiple areas of specialized focus in cybersecurity, the work of improving passwords generally falls under endpoint security: what individual users can do to interact more securely with a particular device.
Endpoint security is crucial because a single person can often be hackers' entry point into an organization's larger network. Imagine if Zuckerberg had been using Twitter the way many busy employees do. Rather than spending a lot of time trying to get encrypted email to work, for instance, Zuckerberg might have used Twitter's direct messaging feature—assuming it would stay private—to send some network resource information to another employee who urgently needed it. Then once hackers breached Zuckerberg's Twitter account, they could find that direct message—and gain more intelligence to help them hack into that network resource.
If users take care to set up their endpoint security well—by choosing strong passwords, for instance—they can avoid these sorts of disasters. Of course, no one is perfect; endpoint security is not enough. What's also crucial is network security.
If the hackers had obtained intelligence about a network resource from a Twitter direct message. They could use that data to try to access the resource—but if the organization had correctly employed network security monitoring or security tools such as SIEM, the IT team would receive notifications of the unusual access attempt. They'd have time to take proper precautions and prevent a cyber attack from taking place.
Is your password putting your company at risk? If so, it's time to change it. Check out our password security basics for a guide to best practices in the industry.
Feature Photo: Frederic Legrand - COMEO / Shutterstock.com