A security researcher claims that he was able to hack into Donald Trump’s Twitter account by guessing his password correctly.
Victor Gevers, a researcher at the non-profit GDI Foundation and chair of the Dutch Institute for Vulnerability Disclosure, disclosed this on Twitter.
The researcher posted the following referencing an incident four years ago when the same thing happened:
“Dear @realDonaldTrump, I’ve tried to notify multiple times because of your passwords for Twitter are too weak. Last Friday, I contacted @CISAgov, @TeamTrump, @WhiteHouse, @DonaldJTrumpJr, and @twittersecurity, just like in Oct 2016. But no one responds. Please keep 2FA enabled!”
Earlier, in 2016, the researcher, along with two others, was able to access Trump’s account by guessing the password, “yourefired.” Now the password is “maga2020!”, without any two-factor authentication enabled.
A spokesperson at Twitter said that there has been no evidence to prove this claim and stated that the company has implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States.
However, according to an article in the Dutch paper De Volkskrant, Gevers took screenshots to document his steps, which included four failed attempts before he hit upon the correct password.
None of the Twitter accounts the researcher mentioned above have replied to him.
But the next day he noticed that the account had enabled two-factor authentication, and two days after reporting, he received an email from the Secret Service asking for more information regarding the account takeover and thanking him for highlighting the security issue.