Think it’s not a big deal if you re-use a password on a few websites? Two high-profile hacks in a week offer yet more proof that it’s most definitely a bad idea.
The first incident seems to have started around the 23rd of March. Isolated reports started coming in from TeamViewer users that their machines had been accessed by unknown third parties — and the intruders weren’t using that access to provide tech support or run a presentation.
Hackers used their access to make purchases using PayPal and Amazon credentials that had been stored in the users’ browsers. So how were their systems compromised? TeamViewer says there wasn’t anything wrong with its software and that its own systems weren’t breached.
Instead, the company says that users’ TeamViewer master accounts were using email address and password combinations that had recently popped up on the dark web — which included several hundred million that were swiped from MySpace and LinkedIn.
As the days passed, more and more TeamViewer users reported identical attacks. While many are scrambling to move their computers to a different remote control app, it’s worth noting that resetting your passwords, setting up 2FA, and configuring a whitelist on your TeamViewer machines will keep the bad guys at bay. TeamViewer has also added a new “trusted devices” feature to increase security.
The second incident involved someone who you’d think would know a thing or two about good security practices. Hackers broke into several of Mark Zuckerberg’s personal accounts — including his Twitter and Pinterest — and defaced them.
In addition to not being unique, Zuck’s password was incredibly weak: dadada. Being a proud papa isn’t something you need to show off in your passwords. Not if you want to avoid being hacked, anyway, and especially not without even a single capital letter, number, or symbol thrown in to make things even slightly more difficult.
Image courtesy Auto Italia/Flickr