A security researcher reportedly logged into President Trump's Twitter account last week by guessing the password – it was "maga2020!" – and warned the US government that Trump needs to update his Twitter security practices.
Security researcher Victor Gevers reportedly guessed Trump's password on the fifth attempt and was dismayed that the president had not enabled two-step authentication. The news was reported today by de Volkskrant, a Dutch newspaper, and the magazine Vrij Nederland. Both reports included quotes from Gevers, while Vrij Nederland also posted a screenshot that Gevers took when he had access to the @realdonaldtrump account.
Gevers is said to have received access to Trump's Twitter account on Friday last week. He says he tried passwords like "MakeAmericaGreatAgain" and "Maga2020" before finding the correct password for "maga2020!" Gevers is a well-known security researcher and was quoted in several Ars articles on other security topics from 2017. He is a researcher at the non-profit GDI Foundation and chairman of the Dutch Vulnerability Disclosure Institute.
"I expected to be blocked after four failed attempts," or at least "to be asked for additional information," said Gevers, according to de Volkskrant. The report said:
The Dutchman made Trump and the American government agencies aware of the security leak. After a few days he was contacted by the American secret service in the Netherlands. This agency is also responsible for the security of the American president and took the report seriously, according to de Volkskrant's correspondence. Meanwhile, Trump's account has been made more secure.
Trump Account tweeted satire articles about Biden
On the same day that Gevers allegedly hacked Trump's Twitter account, the account tweeted a satirical article by the Babylon Bee entitled "Twitter Shuts Down Network To Slow Down Negative Biden News". Trump was apparently fooled by the satirical news site, but Vrij Nederland's article suggests that the tweet may have been sent by Gevers when he had access to Trump's profile.
"I'm not saying I did it," said Gevers, according to Vrij Nederland. "But what if I was the one who posted the tweet? Then Trump either has to admit that he never read the Babylon Bee article and posted this bullshit tweet, or he has to acknowledge that someone else posted the tweet Has." The tweet has not yet been deleted.
Twitter said today it "saw no evidence to back up this claim" that Trump's account was hacked, according to an article by The Independent. However, Twitter also said it has "proactively implemented account security measures for a specific group of high-profile, election-related Twitter accounts in the US, including the federal governments."
Twitter's statement does not refute Gevers' claim. We contacted Gevers today and he confirmed to Ars that he was using the password "maga2020!" Logged into Trump's Twitter account. and that this was the "second time in four years" that he has accessed Trump's Twitter account. Gevers and two other researchers said they accessed Trump's Twitter account in 2016 by obtaining his password due to a data breach. The password at this point was "yourefired".
White House Assistant Secretary Judd Deere also denied Gevers' allegation, telling Forbes, "This is absolutely not true, but we are not commenting on the security procedures regarding the President's social media accounts."