A security researcher claims to have been able to access Donald Trump’s Twitter account after guessing his password.
Victor Gevers, a researcher at the non-profit GDI Foundation and chair of the Dutch Institute for Vulnerability Disclosure, revealed his findings on the social media site.
He posted the following, referencing an incident four years ago when the same thing happened:
“Dear @realDonaldTrump, I've tried to notify multiple times because of your passwords for Twitter are too weak. Last Friday, I contacted @CISAgov, @TeamTrump, @WhiteHouse, @DonaldJTrumpJr, and @twittersecurity, just like in Oct 2016. But no one responds. Please keep 2FA enabled!”
Back in 2016, Gevers and two others managed to access Trump’s account after guessing the password, “yourefired”. This time he claims it was “maga2020!” with no two-factor authentication enabled.
Although a Twitter spokesperson said it had “seen no evidence to corroborate this claim” and that it “proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States,” an article in Dutch paper De Volkskrant says otherwise.
According to the report, Gevers took screenshots to document his steps, which included four failed attempts before he hit upon the magic password. Although he reached out to the Twitter accounts listed above, none replied.
However, the next day, Gevers noticed two-factor authentication had been activated on the account, and two days after that he reportedly received an email from the Secret Service requesting more info on the account takeover and thanking him for highlighting the security snafu.
“Given the President’s near-constant activity on Twitter, his 87 million followers and the sheer power that he holds as the leader of the free world, Trump’s ‘maga2020!’ password is incomprehensibly dangerous,” argued ProPrivacy researcher Andreas Theodorou.
“In fact, any other year I would be inclined to believe that this was fake news.”
Earlier this week, Trump drew ridicule from the cybersecurity community with comments he made at a rally in Arizona.
"Nobody gets hacked. To get hacked you need somebody with 197 IQ and he needs about 15% of your password," he claimed.