
Mark Zuckerberg's Twitter and Pinterest Accounts Hacked from Linkedin Breach - petulla
https://twitter.com/Ben_Hall/status/739534393585340417
======
danso
FWIW, his password was apparently "dadada". But he basically never used
Twitter (didn't follow him on Pinterest), so he probably did what a lot of
people do for services they don't really intend on seriously using (except
most people seriously use those social media services), which is to just make
up a silly password for all of them. Even so, probably should've picked
something a little stronger than that...

~~~
dawhizkid
Optics are really bad here. This is from LinkedIn, so he used a terrible
password on at least 3+ large social media websites (and what else?).

~~~
petulla
It is a wonder how no one was worrying about this..

~~~
6stringmerc
If I was the underwriter for FB's D&O / Cyber policy about now I'd be making
some very uncomfortable phone calls to important people.

------
jrnichols
What worries me most about this LinkedIn breach is that somehow, some way,
they showed my email address.

Not once in my life do I recall ever setting up a LinkedIn account. Ever. But
somehow, I have one. :/

~~~
TwoBit
What kind of password did it have for you?

~~~
jrnichols
I have no idea. I had to go through their password reset hoops to even get in
and figure out what was going on and to make sure that it was actually _my_
account. It was, fortunately... or at least one that I had control over. My
worry was that someone had made a fake linkedin account.

------
laurencei
I wonder if this implies a possible insight into password thefts, and why some
of the "leaks" take years to actually be distributed/published by the original
hacker.

If you stole a database of hashed passwords, you could focus on 2-3 "VIP"
clients/celebrities of that database, and despite the computational cost, try
and crack that hash.

Knowning that if/when you crack the hash, you could potentially use that
password on other logins that VIP might use, prior to anyone knowing.

------
sethbannon
Is there somewhere to check if one's account / pass was in the database?

~~~
laurencei
[https://haveibeenpwned.com/](https://haveibeenpwned.com/)

edit: not sure why I was downvoted - this answers the question.

------
bagels
Does this reflect more poorly on Twitter & Pinterest or Mark Zuckerberg in the
public eye?

~~~
jonknee
Wholly on Zuck for using the same weak password. Password managers are easy,
there is no excuse for a tech savvy person to use a bad password (and even
worse, re-use the same bad password).

~~~
brianwawok
For stupid sites who cares? If someone wants my hackernews or reddit
passwords, cool. I am not going to go copy paste passwords so my hacker news
password is safe.

~~~
jonknee
To each their own, but in this case if Zuck had used a password manager he
wouldn't come out looking like a chump. And honestly it's easier to use one
than type even a simple password--one keyboard shortcut and you're
automatically logged in.

~~~
brianwawok
Assuming you are on the correct device with the correct manager installed.

------
frgewut
"the entire database proved crackable in a mere three days."

Is the article claiming that ALL passwords are known now?

------
stephenr
Every time this sort of thing comes up, people piss and moan that password
managers are too hard to use/etc.

I've never used a password manager besides keychain+safari (across several
devices), and I just don't get the issues people claim to have.

If third party password managers are so terrible why hasn't chrome/ff/etc got
a better built in password manager? Or if they do, why don't people use them?

------
weakwire
Mark Zuckerberg's Twitter and Pinterest Accounts Hacked. Twitter and Pinterest
Accounts Hacked. Twitter and Pinterest. Not Facebook. If I was MZ i would use
"password" as a password on Twitter and Pinterest...

------
sbardle
Zucks new password: dadada1

