OurMine team. The alleged password for his LinkedIn account was the not-so-complex “dadada” – a plain six-character, lower-case password.
The key vulnerability is that people, just like Mr. Zuckerberg, are creatures of habit who reuse complete passwords and, more intriguingly, reuse parts of passwords across multiple sites. The old, outdated dump of LinkedIn data was precisely the key the hackers needed to uncover and exploit this.
Since the leak spilled into the public domain, the list has been scrutinized – by legitimate analysts and by those on the dark side – for clues about how people choose passwords. They parse the list for trends in password length, the mix of alphanumeric characters, and capitalization. For starters, a whopping 1,135,936 LinkedIn members used a simple “123456” as a password – and they’re not alone!
Thanks to his Facebook connection, Mr. Zuckerberg is a far more visible target than I am. Once the hackers found out that “dadada” was Zuckerberg’s LinkedIn password, we can assume they tried it on other social media sites. If or when that did not work, they most likely broke the password down into its individual elements and looked for patterns. An “eqeqeq” or “fsfsfs” was likely next on their list.
Even if your name is not Mark Zuckerberg, your passwords and accounts can be hacked. If there is a breach, do change that password — but don’t recycle either the password or its primary components. To make things easier you might just want a password manager, like the Avira Password Manager. Two-factor authentication is also something you should consider. And remember, that breached password is radioactive and has a long half-life — don’t touch it again.
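The advice above (retire the breached password and anything built from its components) can be enforced at password-change time. The following is an added example written for this page, not Avira’s code; it uses a small constructed denylist in place of a real breach corpus and a hypothetical `check_replacement` policy function.

```python
from difflib import SequenceMatcher
from typing import List, Optional

# Constructed stand-in for a breach-corpus lookup (the article notes that
# over a million LinkedIn users chose "123456"); not a real corpus.
COMMON_LEAKED = {"123456", "password", "dadada", "linkedin", "qwerty"}


def repeating_unit(pw: str) -> Optional[str]:
    """Shortest unit u such that pw == u * k for some k >= 2, else None.
    'dadada' -> 'da', 'abcabc' -> 'abc', 'abcdef' -> None."""
    n = len(pw)
    for size in range(1, n // 2 + 1):
        if n % size == 0 and pw[:size] * (n // size) == pw:
            return pw[:size]
    return None


def shares_component(old: str, new: str, min_len: int = 3) -> bool:
    """True if the two strings share a substring of at least min_len chars
    (case-insensitive), i.e. the new password recycles a piece of the old one."""
    o, n = old.lower(), new.lower()
    match = SequenceMatcher(None, o, n).find_longest_match(0, len(o), 0, len(n))
    return match.size >= min_len


def check_replacement(old: str, new: str) -> List[str]:
    """Return the reasons a proposed replacement for a breached password is
    rejected; an empty list means the new password is acceptable."""
    reasons: List[str] = []
    o, n = old.lower(), new.lower()
    if n in COMMON_LEAKED:
        reasons.append("new password appears in a leaked-password list")
    if n == o:
        reasons.append("same password as the breached one")
    elif shares_component(old, new):
        reasons.append("reuses a component of the breached password")
    # "dadada" -> "eqeqeq": different letters, identical repeated-unit shape.
    old_unit, new_unit = repeating_unit(o), repeating_unit(n)
    if old_unit and new_unit and len(old_unit) == len(new_unit) and len(o) == len(n):
        reasons.append("same repeated-unit structure as the breached password")
    if SequenceMatcher(None, o, n).ratio() >= 0.6:
        reasons.append("too similar to the breached password")
    if len(new) < 12:
        reasons.append("shorter than 12 characters")
    return reasons


if __name__ == "__main__":
    for candidate in ("dadada", "eqeqeq", "Dadada2016", "correct-horse-battery-staple"):
        print(candidate, "->", check_replacement("dadada", candidate) or "OK")
```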