One of the most important tips that security experts have for staying safe online is that you
never reuse passwords.
That way, if one service you use gets hacked or compromised, then all your other accounts remain safe and secure.
It’s a lesson that a lot of celebrities would do well to learn.
Over the last few weeks, there has been a deluge of high-profile figures getting hacked. Everyone from Facebook CEO Mark Zuckerberg to singer Drake has been targeted, and the culprit appears to be reused passwords.
This is thanks to a number of mega-hacks that happened years ago, but only properly surfaced recently, including MySpace and LinkedIn.
In June 2013, social network MySpace got breached, and 360 million user accounts were compromised. That user data appeared for sale online at the end of May this year. Likewise, LinkedIn was hacked back in 2012, with 167 million account details stolen. We learnt the full scale of this hack in May, as the database became public.
In both instances, users passwords were encrypted to protect them — but not in a particularly strong way, meaning people have been able to crack the encryption and figure them out.
And as a result, we are now seeing a wave of malicious account take-overs targeting celebrities and public figures.
Mark Zuckerberg, for example, saw his Twitter and Pinterest accounts hijacked on Sunday. The hackers — who call themselves the OurMine Team — confirmed they found his login details in the LinkedIn breach. Zuck’s password? “dadada”.
Drake, meanwhile, has become a victim as a result of the MySpace breach. The hacker (called “Aiden”) told Gizmodo’s William Turton that he found the singer’s password in the MySpace data dump, the only change being different capitalisation.
Electronic dance music artist Deadmau5 has also been a victim, with the hackers — OurMine Team again — gaining access to his SoundCloud account.
And Katy Perry, who has the most popular account on Twitter with 89 million followers, was hit at the tail-end of May, with the attackers sending a string of tweets using homophobic and racist slurs. (A separate group, OTF, was responsible for hack of Perry’s account, among others.) They also allegedly leaked an unreleased track by the singer, Witness 1.3.
There are plenty more recent celebrity hacks just like this. Actor and singer Jack Black, Kylie Jenner, Lana Del Rey, the NFL, and many others have been targeted. It’s not confirmed that reused passwords from LinkedIn, MySpace, and other old hacks are responsible for all of these attacks — but given the timing, it seems very likely.
The attacks are by-and-large fairly harmless. The hackers are posting shout-outs to themselves and friends, and using graphic language, but it’s easy for Twitter (and other sites) to undo the damage and restore the accounts to their rightful owners.
What’s more worrying is the question of what other hacks are currently happening that the general public can’t see. If someone has reused a password once, they have likely reused it multiple times — meaning that more sensitive accounts like email addresses and cloud storage services are also at risk of getting broken into.
Back in 2014, hundreds of intimate nude photos of dozens of female celebrities were leaked online. They are believed to have been stolen from the victims’ Apple iCloud accounts by hackers able to bypass the passwords.
The MySpace and LinkedIn data dumps could help hackers steal intimate and private data from celebrities (and ordinary people!) all over again.
A Twitter spokesperson told Business Insider in a statement: “A number of other online services have seen millions of passwords stolen in the past several weeks. We recommend people use a unique, strong password for Twitter.”
The social network also pointed users towards its help center for more security tips, and has seperately said on its offical Support account that “to help keep people safe and accounts protected, we’ve been checking our data against what’s been shared from recent password leaks.”
Experts recommend you use a different, strong password for every app, site, and service you sign up for — managing them with a Password Manager app if necessary. (And use two-factor authentication, so knowing the password alone isn’t enough to break into an account.) If you don’t, your reused passwords may one day come back to haunt you — as celebs are now finding out the hard way.