One of the unfortunate consequences of today’s socially-connected world is that there are a number of different services that require an account login and password. Twitter, Facebook, Google, LinkedIn, Pinterest, Instagram, Tumblr… the list goes on. These applications and services offer users the option to create an account based on an email address and password, and for many of us it is tempting to use the same email account and password for each of these. In an ideal world, this would not be a problem, because we trust all of these services to keep our data safe and secure. However, sometimes one or more of these services is hacked and customer data is compromised. This is exactly what happened with LinkedIn way back in 2012 – when most Android smartphones were running version 2.3 Gingerbread or version 4.0 Ice Cream Sandwich.
At the time, LinkedIn’s data was compromised and many millions of passwords were stolen. LinkedIn wrote to members first to apologise and second to ask them to change their passwords. This is all well and good, but did people change their passwords? The question matters because every account that shares the stolen password needs a new one, not just the LinkedIn account. It appears that Mark Zuckerberg, founder of Facebook, didn’t change his passwords for at least the Twitter, LinkedIn and Pinterest accounts, as over the weekend the hacker group OurMine hacked into these accounts. The group happily posted to the world that it had access to these accounts, along with a claim that it had control of Mark’s Instagram account, although there was no evidence of this. OurMine reached out to Mark in a Tweet that said: “We got access to your Twitter & Instagram & Pinterest, we are just testing your security, please dm us.” Since then, Mark appears to have retaken control of these accounts and the hacker messages have been cleared from the services.
We’ve no word on the consequences for the OurMine team other than that their Twitter account has been suspended, and no official word on how Mark’s accounts were hacked. However, this should serve as a reminder to everybody with a LinkedIn account and a password shared across multiple services: change them all, and use a different password for every account.