Over the weekend hackers managed to access Facebook founder Mark Zuckerberg's Twitter and Pinterest accounts, as well as the social media accounts of other celebrities.
Someone posted to Zuckerberg’s Twitter feed on Sunday, claiming to have found his password in account information leaked from LinkedIn.
A group calling itself the OurMine Team took credit for breaking into Zuckerberg's Twitter, Pinterest and Instagram accounts, but there's no evidence that the Instagram account has been breached.
"You were in LinkedIn Database with password 'dadada'," read a message supposedly posted by hackers from Zuckerberg's @finkd Twitter account.
It's worth noting that Zuckerberg or his representatives rarely use this account, the last tweet dating from Jan. 2012 and the previous one from Mar. 2009.
Facebook representatives did not immediately respond to a request for comment.
If indeed the breaches were related to the recently leaked database of LinkedIn accounts that was stolen in 2012, they highlight why it's important to use different passwords for different online accounts.
Websites can have different security levels for storing user passwords. As past breaches have shown, some websites store passwords in plain text, while some store hashes -- cryptographic representations of those passwords.
In the case of LinkedIn, the company stored password hashes, but they were generated using an insecure function called SHA1, making most of them easily crackable.
Users are better off assuming that any website will be compromised at some point and that their password used on that website will be exposed. With that in mind, it's best to limit the potential damage by using unique, complex passwords for each online account.
A password manager application can make dealing with multiple passwords easier and if a website offers two-factor authentication as an account security measure, it's a good idea to use that too.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.