
Mark Zuckerberg's multi-account password was 'dadada' - twoshedsmcginty
https://thestack.com/security/2016/06/06/zuckerberg-dadada-linkedin-ourmine-breach/
======
kriro
That'll be an excellent example on many security talk slides in the future (PW
strength, reuse of PWs, salting)

They probably could have made some money by combining some day trading of FB
stock with a well timed announcement of resignation due to health concerns or
something. Announce, anticipate drop, buy...leak it was fake, sell. Or
whatever else you can come up with with some thinking. [maybe not because he'd
post that on FB]

~~~
deanCommie
I don't understand your logic.

"If you're going to trespass on someone's property you might as well deface it
and steal some of their stuff"

I am not a lawyer but I could see password breaching in the interest of white
hat security could be looked at a lot differently by the courts than what
you're suggesting

~~~
kriro
I believe the passwords came from the 2012 LinkedIn breach and I was referring
to the original criminals. If you have the criminal energy to steal that data
you might as well use it. I don't think there was anything white hat about
that incident.

~~~
toyg
> If you have the criminal energy to steal that data you might as well use
> it.

No no no. Any self-respecting criminal will not gain directly from a break-in,
but rather sell the goods on to someone with a credible laundering story (or
at least someone who will put further space between him and the goods).

~~~
jacquesm
> Any self-respecting criminal will not gain directly from a break-in, but
> rather sell the goods on to someone with a credible laundering story

I think that contains a contradiction.

~~~
toyg
ok, "will not gain _from directly leveraging goods acquired in a break-in
against the same victims of such break-in_". Thieves usually don't try to
sell your TV back to you, and the ones who do are widely mocked.

But you know what I meant.

------
mvdwoord
“No Facebook systems or accounts were accessed… The affected accounts have
been re-secured.”

Sounds to me like they weren't very secure to begin with. So they would be
"secured" now, not "re-secured". It's crap like this that makes me miss George
Carlin.

------
adzm
All I can think of is that song... Ich lieb' dich nicht, du liebst mich nicht.
Da da da.

------
sakri
So the combination is... da, da, da? That's the stupidest combination I've
ever heard in my life! That's the kind of thing an idiot would have on his
luggage!

~~~
jasonellis
da, da, da?

That's amazing! I've got the same combination on my luggage!

~~~
lfowles
An infant could have come up with that combination!

------
roberthahn
As soon as I saw the password I wondered if Mark was left-handed.

Turns out I was spot on: a bit of googling revealed he was.

~~~
arcanus
I'm a southpaw myself, and therefore quite biased, but I've always been struck
by the prevalence of CEOs, Presidents, notable scientists, etc. that I have
met who are fellow lefties. Don't have a p-value, but it seems much higher
than the ambient (~10%) rate.

For instance, for the last 4-5 years in our computational science research
group, we have been sitting pretty steadily near 50%.

~~~
qrendel
Selection bias? There are some studies indicating left-handed children tend to
score lower (_on average_) on IQ, verbal scores, etc:
[http://www.ncbi.nlm.nih.gov/pubmed/16643966](http://www.ncbi.nlm.nih.gov/pubmed/16643966)
(Edit: Seems the IQ difference varies between studies and is negligible, if
it even exists.)

Hypothesis is that left-handedness can be caused by early brain trauma, so if
"lefties" are disproportionately represented in such positions, the ones with
non-pathological causes would seem to have an even bigger advantage over the
right-handed to make up for the lower mean. Or perhaps it's associated with
other talents that make up for the deficits. (Edit: Wikipedia seems to support
this -
[https://en.wikipedia.org/wiki/Handedness#Intelligence](https://en.wikipedia.org/wiki/Handedness#Intelligence))

Or perhaps the research conclusions are just wrong.

~~~
visakanv
It's possible for both phenomena to coexist. Extreme case: Suppose 95% of
left-handers are low-functioning, and 5% of them are INCREDIBLY high-
functioning. You'd then have them simultaneously overrepresented in top
positions AND scoring lower on IQ, verbal scores, etc.

If true (in a less extreme sense), I imagine it would be vaguely correlated
with post-traumatic stress and post-traumatic growth. Some of the most amazing
people humanity has produced went through unimaginable suffering. And yet the
vast majority of people who go through hideous suffering end up dysfunctional.

So it's something like– most people with a disadvantage get messed up, but the
few who manage to overcome it, manage to overcompensate dramatically.

~~~
arcanus
> You'd then have them simultaneously overrepresented in top positions AND
> scoring lower on IQ, verbal scores, etc.

Yep... you can have distributions with identical means, and fatter tails.

------
detaro
[https://news.ycombinator.com/item?id=11842635](https://news.ycombinator.com/item?id=11842635)

------
spacemanmatt
Ich lieb dich nicht, du liebst mich nicht. Da da da!

(am I the only one who remembers Trio or their song that VW used in ads a few
years ago?)

~~~
Keyframe
Don't know about the ad, but I remember the 80's.

------
scandox
"...though at $50 a claimant, no-one stood to be much enriched out of the
settlement..."

The lawyers must find that mildly amusing.

~~~
junto
How do I go about claiming my $50?

~~~
jasonlfunk
You file the claim form and submit it before May of last year... But you also
had to have paid for LinkedIn premium to be eligible.

Source: www.linkedinclassactionsettlement.com

------
stefanix
relevant
[https://www.youtube.com/watch?v=lNYcviXK4rg](https://www.youtube.com/watch?v=lNYcviXK4rg)

------
Puts
I'm waiting for the dadada t-shirt. :D

~~~
frgewut
Here you go
[http://www.zazzle.com/dadada_tee_shirt-235801669209689823](http://www.zazzle.com/dadada_tee_shirt-235801669209689823)

------
Sami_Lehtinen
Since when has SHA1 been crackable in three days? AFAIK with proper passwords
SHA1 is nearly impossible to crack. Did I get something wrong? Salting does
make the process slower with bad passwords, but with good ones there's very
little difference. Just my gut feeling.

~~~
gravypod
It seems like it's easy to find collisions from the hash.

[https://www.schneier.com/blog/archives/2005/02/sha1_broken.h...](https://www.schneier.com/blog/archives/2005/02/sha1_broken.html)

~~~
heimatau
Yes, here is more info on SHA1 being broken.

[https://crypto.stackexchange.com/questions/3690/no-sha-1-col...](https://crypto.stackexchange.com/questions/3690/no-sha-1-collision-yet-sha-1-is-broken)
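
The point raised at the top of this sub-thread, that salting slows the attack on bad passwords but changes little for good ones, shown as an added example that is not part of the original thread. The user names, the strong password and the wordlist are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users share the weak password, one uses a strong one.
USERS = {"alice": "dadada", "bob": "dadada", "carol": "T9#vq!rW2mLx8@pZ"}
WORDLIST = ["123456", "password", "abc123", "asdf", "dadada"]  # constructed

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def unsalted_store(users):
    """Plain SHA-1 per password: identical passwords give identical hashes."""
    return {u: sha1_hex(p.encode()) for u, p in users.items()}

def salted_store(users):
    """Random 16-byte salt per user, stored next to SHA-1(salt || password)."""
    out = {}
    for u, p in users.items():
        salt = os.urandom(16)
        out[u] = (salt, sha1_hex(salt + p.encode()))
    return out

def audit_unsalted(store, wordlist):
    """Hash each candidate once; one lookup table covers every user."""
    table = {sha1_hex(w.encode()): w for w in wordlist}
    hits = {u: table[h] for u, h in store.items() if h in table}
    return hits, len(wordlist)  # work = hashes computed

def audit_salted(store, wordlist):
    """Each salt forces the candidates to be re-hashed for that user."""
    hits, work = {}, 0
    for u, (salt, h) in store.items():
        for w in wordlist:
            work += 1
            if hmac.compare_digest(sha1_hex(salt + w.encode()), h):
                hits[u] = w
                break
    return hits, work

if __name__ == "__main__":
    print("unsalted:", audit_unsalted(unsalted_store(USERS), WORDLIST))
    print("salted:  ", audit_salted(salted_store(USERS), WORDLIST))
```

Carol's long random password is absent from both result sets, while the salt triples the hashing work needed to recover the weak password that Alice and Bob share.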

------
CGamesPlay
Mark Zuckerberg doesn't care about his Pinterest and Twitter accounts. He
created them to scope out the competition and doesn't care if they get
compromised. That's why his Instagram didn't get affected; he does care about
that one (or at least somebody on the team of people he employs to protect the
security of his websites does).

Now, I'll bet the lesson Zuck takes away from this is actually that other
people care more about his Pinterest than he does (e.g. If John Doe sees Zuck
pin something John may be much more likely to check that product out).

~~~
takno
So the takeaway is to use a fake name as well

------
PunchTornado
I am using that password for dummy accounts (internal) all the time. As an
Eastern European it means something in the language (yes). What does it mean
in English?

~~~
back_beyond
I am not aware of any meaning in English

~~~
fit2rule
Was ist los mit dir, mein Schatz?

[https://www.youtube.com/watch?v=lNYcviXK4rg](https://www.youtube.com/watch?v=lNYcviXK4rg)

------
massysett
As long as we have way too many unnecessary passwords, this will happen.

Merchants have figured this out. Many now allow purchases without creating an
account (no doubt also because if people have to create another password, some
will just abandon the purchase.)

I was reading about the Eero router. They figured this out. They get the
user's phone number and send a token by text.

Passwords are horrible for usage and horrible for security. Just horrible all
around.

------
amelius
How is that possible? Many systems require at least 1 digit, and/or at least
an uppercase character.

~~~
chiph
Yes. _These_ days they do. It wasn't so in the past. Look at how many times
the four-letter sequence "asdf" shows up in password dumps.

------
l1feh4ck
It's kinda hard to believe that he used "dadada" as a password. Anyone who has
a bit of understanding about how passwords are cracked would never use such a
sloppy password. And he had one password for all the social accounts? Ew...
How could he be so stupid?

------
zerooneinfinity
Maybe ahahah is another password -
[https://www.youtube.com/watch?v=lNYcviXK4rg](https://www.youtube.com/watch?v=lNYcviXK4rg)

------
lfottaviano
I think he was paying someone else to manage his media.

------
augustt
Makes me wonder how securely passwords were stored when he first opened
Facebook to colleges.

------
cha5m
And see here I was about to go and change all my passwords...

------
frade33
still better than me ... abc123

------
hackim
haha easy to remember..

------
patrickmay
Daddy issues?

------
satai
Memes are coming...

------
IIAOPSW
to which I say "hahaha"

In all seriousness, many people choose shit passwords for the accounts they
don't care about. I'm sure Mark's password for his admin account on fb is
probably harder to guess.

~~~
artofcode
dadada1

~~~
colejohnson66
Which raises the entropy from 2^6 (64) to 3^7 (2187)! An increase by over
3000%! So much more secure!

------
d3ckard
Well...

[https://www.youtube.com/watch?v=L7abNYC0KQI](https://www.youtube.com/watch?v=L7abNYC0KQI)

------
phyzome
I had no idea he was into avant-garde art!

([https://en.wikipedia.org/wiki/Dada](https://en.wikipedia.org/wiki/Dada))

------
D81Q3KJE81
Everyone who works at Facebook should watch out right now. Endgame Systems
(CIA) is trying to hack profiles right now to terrorize people. This is only
the beginning.

