A Dutch “white hat” gained full access to Trump’s Twitter account recently without resorting to any fancy hacking.
Victor Gevers, a security researcher at the GDI Foundation and chair of the Dutch Institute for Vulnerability Disclosure, which finds and reports security vulnerabilities, told TechCrunch he guessed the president’s account password and was successful on the fifth attempt.
The account was not protected by two-factor authentication, granting Gevers access to the president’s account.
Emphasis mine.
Gevers said the password that he guessed was “maga2020”. (ffs)
Gevers sent the screenshot shown above to US-CERT, which is a division of Homeland Security charged with securing the nation’s digital infrastructure and dealing with intrusions. The account’s password was changed shortly thereafter.
A Twitter spokesperson claimed that they had seen no evidence that anyone had gained access to the account.
Twitter said last month that it would tighten the security on the accounts of political candidates and government accounts, including encouraging but not mandating the use of two-factor authentication.
Likewise, word from the White House was that the story is “absolutely not true”, but we all know what that’s worth.
But wait — there’s more. In 2016, Gevers and two others did the same thing. That time, the password that they guessed was “yourefired”. They contacted Dutch authorities about it and provided some tips for better password security, such as using numerals and special characters. One of the examples that they gave was “maga2020!”.