A Dutch security researcher, Victor Gevers, claims to have accessed President Trump’s Twitter account, @realDonaldTrump, last week. He says he did this by guessing the password: “maga2020!”.
Gevers, a security researcher at the GDI Foundation and chair of the Dutch Institute for Vulnerability Disclosure, which finds and reports security vulnerabilities, told The Fast Observer that he guessed the American president’s account password and was successful on the 5th attempt.
The account was not protected by two-factor authentication, so the guessed password was enough to give Gevers access to the president’s account.
After logging in, he emailed US-CERT, a division of Homeland Security’s cyber unit, the Cybersecurity and Infrastructure Security Agency (CISA), to disclose the security lapse. Gevers said the president’s Twitter password was changed shortly after.
It’s the second time Gevers has gained access to Trump’s Twitter account. The first time was in 2016, when Gevers and two others extracted and cracked Trump’s password from the 2012 LinkedIn breach. The researchers took his password — “yourefired” — his catchphrase from the television show The Apprentice — and found it let them into his Twitter account. Gevers reported the breach to local authorities in the Netherlands, with suggestions on how Trump could improve his password security. One of the passwords he suggested at the time was “maga2020!”, he said. Gevers said he “did not expect” the password to work years later.
Dutch news outlet RTL News first reported the story.
In a statement, Twitter spokesperson Ian Plunkett said: “We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
Twitter said last month that it tightened security on the accounts of political candidates and government accounts, including encouraging but not mandating the use of two-factor authentication.
Trump’s account is said to be locked down with extra protections after he became president, though Twitter has not said publicly what those protections entail. His account was untouched by hackers who broke into Twitter’s network in July in order to abuse an “admin tool” to hijack high-profile accounts and spread a cryptocurrency scam.
A spokesperson for the White House and the Trump campaign did not immediately comment, but White House deputy press secretary Judd Deere reportedly said the story is “absolutely not true” and declined to comment on the president’s social media security. A spokesperson for CISA did not immediately confirm the report.
“It’s unbelievable that a man that can cause international incidents and crash stock markets with his Tweets has such a simple password and no two-factor authentication,” said Alan Woodward, a professor at the University of Surrey. “Bearing in mind his account was hacked in 2016 and he was saying only a couple of days ago that no one is hacked, the irony is vintage 2020.”