Mark Zuckerberg hack a cautionary tale about password security

Even tech billionaires get hacked sometimes.

Case in pointFacebook founder Mark Zuckerberg's Twitter and Pinterest accounts were recentlycompromised.

• Mark Zuckerberg's social media accounts hacked

And according to CBC Radio technology columnist Dan Misener, it's a cautionary tale for all of us.

How did Mark Zuckerberg get hacked?

You might remember that back in May, LinkedIn confirmed that more than 100 million passwords had been leaked.

• LinkedIn says 117 million accounts were hacked in 2012

If you have an account on LinkedIn, you might have received an email about this. And it seems Mark Zuckerberg's LinkedIn password was part of the breach.

According to the group claiming responsibility for the hack, his password was pretty weak"dadada." It was known that he'd recently become a father, so that's not a hard password to guess.

So it seems hackers were able to gain control of his Twitter and Pinterest accounts, by using that same password.

The implication is that Mark Zuckerberg, like many of us, used the same password for a number of different sites and services.

Are there other password leakswe should be worried about?

During the same weekend news broke about the Zuckerberg hack,news emergedthat the social network VK was also hacked, and 100 million passwords were leaked.VK isn'tbig in here in Canada, but it is the largest social network in Europe, and it's especially popular in Russia.

These VK passwords were reportedly stored in plain text, with no encryption.And thatleak gives us some interesting insight into the kinds of passwords people choose.

Spoiler alert: most people's passwords are not very strong.

The most popular leaked password was "123456."The second most popular password was "123456789."And in the third spot: "qwerty."

Another major breach came to light in May, when the websiteLeakedSource which maintains a searchable database of leaked records said more than360 million MySpace accounts were being shopped around on dark web marketplaces.

Once again, the Myspace breach gives us a peek into our collective bad password hygiene. Among the most popular passwords were "password1," "abc123," and the ubiquitous "123456."

I'm not Mark Zuckerberg andI don't use LinkedIn. Do I need to worry about these breaches?

Yes. Even if you're not a high-profile target like Mark Zuckerberg, and even if your ownpersonal password never gets leaked, these types of data breaches affect us all.

When millions of passwords get leaked as we've seen with LinkedIn and MySpace and VK that information helps hackers get better at their jobs, according to Carleton University computer science professorAnil Somayaji.

"In order to crack passwords, they have to guess passwords," he said.

"What's the best way of guessing a password, other than having examples of passwords? It's no question that these big data dumps teach the password crackers what kind of passwords people pick."

So even if your personal details aren't leaked, these massive data breaches have negative security consequences for everyone, because it's one more tool in the hackers' toolkit.

How do I knowif my password has been part of a leak?

There are tools out there that can help with this.My favourite is a site called HaveIBeenPwned.com.

It's a searchable database of accounts that have been compromised in data breaches.You go to the website, enter your email address or username, and it searches through almost a billion records of accounts that have been leaked.

What I like most about the site is that it has an option to notify you about future breaches. So if, for instance, next monththere's a major data breach of a social network, and your account is part of it, they'll email to let you know. And that, of course,is a good indicationyou should change your password immediately.

What can I do to keep my accounts safe?

It seems that Mark Zuckerberg's Pinterest and Twitter accounts got hacked because he used the same weak password across more than one site.So rule number one: don't re-use passwords. You want a unique password for every site and service you use.

Second, Anil Somayaji suggests that you turn on two-factor authentication for your most important accounts.

• Jennifer Lawrence photo hack: Apple to push 2-step authentication process

That may involve, for example, entering a code that's sent to you by text message along with your usual username and password combination.

"Do it for the ones that you really care about your email accounts, which are generallythe foundation of your online identity,and your financial institutions," he recommends.

Finally, you want a good strong password. That means easy for you to remember, difficult for someone else to guess.

And obviously, something better than "dadada."

• Worst passwords of 2015 unveiled by SplashData