Did Facebook founder hack into journalists’ private email accounts?

Mark Zuckerberg
You don’t have to be a long-term follower of the computer security stories we’ve shared on the Sophos website over the years to know that young people sometimes do stupid things.

On Friday last week, as I was flying back from the RSA Conference in San Francisco, a news story emerged online claiming that Facebook boss Mark Zuckerberg hacked into the private email accounts of two journalists in 2004.

According to the report, two reporters of the “Harvard Crimson” student newspaper were the victims of a hack after Zuckerberg became concerned that they would run a story examining similarities between the then fledgling Facebook website and a similar (and now defunct website) called ConnectU.

The three Harvard students behind the ConnectU website were in a now well-publicised dispute with Zuckerberg, who they had originally asked to help them create an online social network. Zuckerberg created TheFacebook.com (later to be named just ‘Facebook’), originally confining membership to Harvard students.

Sign up to our free newsletter.
Security news, advice, and tips.

According to the latest media reports, Zuckerberg is alleged to have examined a log of incorrect passwords entered by Harvard Crimson staff members as they attempted to access Facebook, and then used those login details against the individuals’ personal email accounts.

Of course, I have no way of verifying if the allegations are true or not – and some people may argue that it doesn’t matter that much as the alleged hack took place almost six years ago when Zuckerberg was just 19 years old..

But unauthorised access to someone else’s email account is against the law, and this accusation against Facebook CEO Mark Zuckerberg – whether accurate or not – does underline an important message to all youngsters:

Breaking computer laws by hacking, stealing identities, spamming or distributing malware may seem ‘mostly harmless’ when you’re a teenager – but it’s a serious crime. Don’t make mistakes as a youngster that may come back to haunt you later in life.

* Image source: Carlo Nicora’s Flickr photostream (Creative Commons)


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.