A Dutch security researcher says he accessed President Trump’s @realDonaldTrump Twitter account last week by guessing his password: “maga2020!”.
Victor Gevers, a security researcher at the GDI Foundation and chair of the Dutch Institute for Vulnerability Disclosure, which finds and reports security vulnerabilities, told TechCrunch he guessed the president’s account password and was successful on the fifth attempt.
The account was not protected by two-factor authentication, granting Gevers access to the president’s account.
After logging in, he emailed US-CERT, a division of Homeland Security’s cyber unit Cybersecurity and Infrastructure Security Agency (CISA), to disclose the security lapse, which TechCrunch has seen. Gevers said the president’s Twitter password was changed shortly after.
A screenshot from inside Trump’s Twitter account. (Image: Victor Gevers)
It’s the second time Gevers has gained access to Trump’s Twitter account.
The first time was in 2016, when Gevers and two others extracted and cracked Trump’s password from the 2012 LinkedIn breach. The researchers took his password — “yourefired” — his catchphrase from the television show The Apprentice — and found it let them into his Twitter account. Gevers reported the breach to local authorities in the Netherlands, with suggestions on how Trump could improve his password security. One of the passwords he suggested at the time was “maga2020!” he said. Gevers said he “did not expect” the password to work years later.
Dutch news outlet RTL News first reported the story.
In a statement, Twitter spokesperson Ian Plunkett said: “We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
Trump’s account is said to be locked down with extra protections after he became president, though Twitter has not said publicly what those protections entail. His account was untouched by hackers who broke into Twitter’s network in July in order to abuse an “admin tool” to hijack high-profile accounts and spread a cryptocurrency scam.
A spokesperson for the White House and the Trump campaign did not immediately comment. A spokesperson for CISA did not immediately confirm the report.
Gevers has previously reported security incidents involving a facial recognition database used to track Uyghur Muslims and a vulnerability in Oman’s stock exchange.
Updated with Twitter comment.
