Brendan Iribe, co-founder of virtual reality firm Oculus, is the latest big name Silicon Valley CEO to have his social media account hacked.
The mischief-maker used the opportunity to announce a new CEO in a now deleted message:
“We here @oculus are very excited to announced our new CEO @Lid ! :)”
The alleged hacker told TechCrunch that they got the password via the massive MySpace data dump last month. This most likely means Iribe was sharing credentials between his social accounts.
The same hacker claimed that they would also have been able to crack the Oculus CEO’s email account had he not had two-factor authentication enabled.
Iribe joins a long list of Silicon Valley bosses to have had their social media accounts hijacked in this way.
Google’s Sundar Pichai, Facebook’s Mark Zuckerberg and former Twitter man Dick Costolo are just some of the names left red-faced in recent weeks, although Iribe’s hacker seems not to hail from the same group that claimed responsibility for these hacks.
The offending tweets on Iribe’s account have now been removed and normal service resumed.
Twitter account hacks are nothing new, and expose the frailties of password-based authentication systems.
The embarrassment for Iribe and some of his Silicon Valley counterparts is that the micro-blogging site rolled out two-factor authentication more than two years ago.
For those who don’t enable it there are increasing threats from cyberspace.
Earlier this month a Russian hacker going by the handle Tessa88 was found to be selling a cache of 32 million Twitter account credentials for 10 Bitcoin ($6802).
The same hacker claimed that they have a total of 374 million records, although Twitter hit back that it was not breached.
“The explanation for this is that 10s of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” it said at the time.
The incident nevertheless reinforces the need for 2FA, or at least for users to stop password reuse across accounts.