June 7, 2016

Maybe it’s the joys of new parenthood. But the world now knows that Mark Zuckerberg’s favorite password was apparently “dadada” — and learned an obvious lesson for newsrooms and at home.

Journalists should note that the Facebook founder, a king of modern social media, was the victim of account hacking over the weekend. The bad guys got hold of his Twitter and Pinterest accounts.

Zuckerberg? The visionary Zuckerberg? Doesn’t he have a dozen former Secret Service and FBI techies at his beck and call, open 24/7 like an all-night CVS pharmacy? Doesn’t he change passwords as often as Donald Trump tweets something nasty? How could that happen?

Well, the bad guys claimed to have both found and then used his password via a de facto digital archaeological foray; namely going through a recent public dump of no less than 117 million LinkedIn emails and passwords from a 2012 hack.

An individual or group using the “OurMine” moniker was rather exuberant about finding the “daddy” password, then also claiming to have taken over Zuckerberg’s Instagram account. The company has not responded.

The press is, no surprise, rather sensitive to the issue of hacking. And it should be. Consider all those stories and contact numbers and confidential notes and documents hidden away in newsroom databases.

It’s why the New York Times on Monday underscored, “There are several lessons to be learned from a data breach in which hackers gained access to Mark Zuckerberg’s social media accounts, but chief among them is probably this: Quit using the same password for multiple websites.”

On Tuesday came a sort of more direct loving rebuke from, of all places, a good sports journalism site, The Ringer. There, articles editor Molly McHugh voiced surprise not with Zuckerberg having been hacked. No, for McHugh it was more the double take she did over the password used by the multi-billionaire who’s got mainstream media apoplectic as he gobbles up the lion’s share of digital ad dollars and has it scrambling for new business models.

“Dadada,” as is Da Da Da.


“It’s a comically bad password,” she writes. “It doesn’t have special characters or numbers. It doesn’t even have an uppercase letter. It’s only two letters, just repeated. It’s very, very bad.”

In her mind, if that really, truly is his password, as the hackers claim (again, so far unrebutted), a modern media titan has relied on six characters that elude every sensible element of a strong password.

“The hack also would suggest he used the same password his Pinterest and Twitter accounts, another failing,” she writes.

As Joe Siegrist, CEO of password management firm LastPass, told McHugh, “This is another perfect example of how humans  — even those in the tech field  — are inherently bad at making passwords. I cannot stress enough the importance of creating unique passwords for every account. If you’re not doing this, you’re doing it wrong.”

So now, before you go home or run to that Little League game or dance recital, perhaps you should double-check whether it would really be that hard to break into those story files you’ve been hoarding away for months.

Unless you want to finally have something in common with Mark Zuckerberg.

Support high-integrity, independent journalism that serves democracy. Make a gift to Poynter today. The Poynter Institute is a nonpartisan, nonprofit organization, and your gift helps us make good journalism better.
New York City native, graduate of Collegiate School, Amherst College and Roosevelt University. Married to Cornelia Grumman, dad of Blair and Eliot. National columnist, U.S.…
James Warren

More News

Back to News