Celebrities keep getting hacked because they're making a massive security mistake

Kylie Jenner, one of the many recent high-profile victims of hacks. (Photo: Gerardo Mora/Getty Images for Sugar Factory American Brasserie)

One of the most important tips that security experts have for staying safe online is that you never reuse passwords.

That way, if one service you use gets hacked or compromised, then all your other accounts remain safe and secure.

It’s a lesson that a lot of celebrities would do well to learn.

Over the last few weeks, there has been a deluge of high-profile figures getting hacked. Everyone from Facebook CEO Mark Zuckerberg to singer Drake has been targeted, and the culprit appears to be reused passwords.

This is thanks to a number of mega-hacks that happened years ago, but only properly surfaced recently, including MySpace and LinkedIn.

In June 2013, social network MySpace got breached, and 360 million user accounts were compromised. That user data appeared for sale online at the end of May this year. Likewise, LinkedIn was hacked back in 2012, with 167 million account details stolen. We learnt the full scale of this hack in May, as the database became public.

In both instances, users’ passwords were encrypted to protect them, but not in a particularly strong way, meaning people have been able to crack the encryption and figure them out.

And as a result, we are now seeing a wave of malicious account take-overs targeting celebrities and public figures.

Even billionaire tech CEOs like Mark Zuckerberg aren’t safe. (Photo: David Ramos/Getty Images)

Mark Zuckerberg, for example, saw his Twitter and Pinterest accounts hijacked on Sunday. The hackers — who call themselves the OurMine Team — confirmed they found his login details in the LinkedIn breach. Zuck’s password? “dadada”.

Drake, meanwhile, has become a victim as a result of the MySpace breach. The hacker (called “Aiden”) told Gizmodo’s William Turton that he found the singer’s password in the MySpace data dump, the only change being different capitalisation.

Electronic dance music artist Deadmau5 has also been a victim, with the hackers — OurMine Team again — gaining access to his SoundCloud account.

And Katy Perry, who has the most popular account on Twitter with 89 million followers, was hit at the tail-end of May, with the attackers sending a string of tweets using homophobic and racist slurs. (A separate group, OTF, was responsible for the hack of Perry’s account, among others.) They also allegedly leaked an unreleased track by the singer, Witness 1.3.

Recording artist Lana Del Rey attends the 2016 Vanity Fair Oscar Party Hosted By Graydon Carter at the Wallis Annenberg Center for the Performing Arts on February 28, 2016 in Beverly Hills, California. (Photo: Pascal Le Segretain/Getty Images)

There are plenty more recent celebrity hacks just like this. Actor and singer Jack Black, Kylie Jenner, Lana Del Rey, the NFL, and many others have been targeted. It’s not confirmed that reused passwords from LinkedIn, MySpace, and other old hacks are responsible for all of these attacks — but given the timing, it seems very likely.

The attacks are by-and-large fairly harmless. The hackers are posting shout-outs to themselves and friends, and using graphic language, but it’s easy for Twitter (and other sites) to undo the damage and restore the accounts to their rightful owners.

What’s more worrying is the question of what other hacks are currently happening that the general public can’t see. If someone has reused a password once, they have likely reused it multiple times — meaning that more sensitive accounts like email addresses and cloud storage services are also at risk of getting broken into.

Back in 2014, hundreds of intimate nude photos of dozens of female celebrities were leaked online. They are believed to have been stolen from the victims’ Apple iCloud accounts by hackers able to bypass the passwords.

The MySpace and LinkedIn data dumps could help hackers steal intimate and private data from celebrities (and ordinary people!) all over again.

Musical artist Drake during the 2014 NBA All Star three point contest at Smoothie King Center. (Photo: Bob Donnan / USA TODAY Sports)

A Twitter spokesperson told Business Insider in a statement: “A number of other online services have seen millions of passwords stolen in the past several weeks. We recommend people use a unique, strong password for Twitter.”

The social network also pointed users towards its help center for more security tips, and has separately said on its official Support account that “to help keep people safe and accounts protected, we’ve been checking our data against what’s been shared from recent password leaks.”
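The kind of check Twitter describes can be run by any service when a user sets a password. The following is an added example, not code from the article or from Twitter: it rejects a candidate password that appears in a leaked-password list, or that differs from a leaked one only by capitalisation, as in the Drake case. The key, the class and function names and the sample list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

# Hypothetical per-service key: the index is useless if copied elsewhere.
INDEX_KEY = b"constructed-demo-key"


def _tag(password: str) -> bytes:
    """Keyed digest of a password, so the index never stores plaintext."""
    norm = unicodedata.normalize("NFKC", password)
    return hmac.new(INDEX_KEY, norm.encode("utf-8"), hashlib.sha256).digest()


class BreachIndex:
    """Lookup structure built once from recovered breach plaintexts."""

    def __init__(self, leaked_plaintexts):
        self.exact = set()   # tags of passwords exactly as leaked
        self.folded = set()  # tags of case-folded passwords
        for pw in leaked_plaintexts:
            self.exact.add(_tag(pw))
            self.folded.add(_tag(pw.casefold()))

    def check(self, candidate: str):
        """Return 'exact', 'case_variant', or None."""
        if _tag(candidate) in self.exact:
            return "exact"
        if _tag(candidate.casefold()) in self.folded:
            return "case_variant"
        return None


def validate_new_password(index: BreachIndex, candidate: str):
    """Password-change hook: returns (accepted, reason)."""
    verdict = index.check(candidate)
    if verdict == "exact":
        return False, "password appears in a known breach"
    if verdict == "case_variant":
        return False, "password differs from a breached one only by capitalisation"
    return True, "ok"


# Constructed sample list; "dadada" is the password quoted in the article.
SAMPLE_DUMP = ["dadada", "Summer2012", "letmein"]
INDEX = BreachIndex(SAMPLE_DUMP)
```
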

Experts recommend you use a different, strong password for every app, site, and service you sign up for, managing them with a password manager app if necessary. (And use two-factor authentication, so knowing the password alone isn’t enough to break into an account.) If you don’t, your reused passwords may one day come back to haunt you, as celebs are now finding out the hard way.
