NFL is latest in string of high-profile hacks
NEW YORK -- A tweet caused a few shrieks Tuesday by reporting -- falsely -- the death of NFL Commissioner Roger Goodell.
Goodell's fake obituary was posted on the NFL'S verified Twitter feed Tuesday morning.
"We regret to inform our fans that our commissioner, Roger Goodell, has passed away," the tweet read.
But Goodell is alive and well. The NFL had been hacked.
How could it happen?
"We got into a social media employee's email and found the account password there," one of hackers told the website Tech Insider by email.
Weak passwords have become a chronic problem. According to the security firm Trustwave, they account for more than a quarter of cyber breaches.
To show how easy it is, last year Trustwave analyst Garret Picchioni had me enter a seven character password.
"We can make almost 91 billion guesses per second," Picchioni explained.
It didn't take long to crack: about 37 seconds. That's scary.
Picchioni said seven or eight characters are no longer enough.
"Computer hardware has reached a point where we're able to attack them so quickly that a password that small isn't practical anymore," Picchioni said. "Especially for incredibly sensitive things like financials, online banking."
Even Facebook founder Mark Zuckerberg has made that mistake. His Twitter and Pinterest accounts were hacked Sunday.
The hacker even posted the password Zuckerberg had reused: "dadada", which they claimed to have found in a database of 117 million passwords taken from the LinkedIn hack in 2012.
Security experts say the more characters in a password, the longer it takes to hack.
The NFL says it has engaged law enforcement to determine how its Twitter account was hijacked.
The commissioner laughed off the premature reports of his demise. Goodell tweeted "Man, you leave the office for 1 day of golf... and your own network kills you off #harsh"
