A Dutch security researcher is making headlines after his cracks at guessing Trump’s twitter password were successful.
It was the second time that he was able to crack Trump’s twitter password, which he has since revealed was ‘MAGA2020’.
The researcher in question, Victor Gevers works as a security researcher with the GDI foundation and is also the chair of the Dutch Institute for Vulnerability Disclosure. He informed the Secret Service and eventually Dutch media that he had successfully cracked Trump’s twitter passsword, with the White House and Twitter stepping in after the claim was made.
Mr Gevers has said that he was able to successfully guess Trump’s Twitter password after entering ‘MAGA2020’ into the password section, which was surprisingly not backed up with two-factor authentication. MAGA being a reference to Trump’s popular ‘Make America Great Again’ campaign slogan.
“It’s unbelievable that a man that can cause international incidence and crash stock markets with his Tweets has such a simple password and no two-factor authentication.” Professor Alan Woodward
The Dutch paper that first broke the story writes that “he [Gevers] tries to warn others. Trump’s campaign team, his family. He sends messages via Twitter asking if someone will call Trump’s attention to the fact that his Twitter account is not safe. He tags the CIA, the White House, the FBI, Twitter themselves. No response,” they write.
He says that after logging into Trump’s twitter page, he took a screenshot as proof, and later wrote to the US-CERT, which is a member of the Homeland Security Cybersecurity and Infrastructure Security Agency. Gevers told CISA of the massive security vulnerability, who responded by changing President Trump’s password details.
Gevers says that after a few days of silence, he discovered that two-factor authentication had been implemented on Trump’s twitter page, and that the Secret Service contacted him to thank him for identifying the security vulnerability.
This was the second time that Mr Gevers was able to access Trump’s personal twitter page, after a 2016 campaign used credentials from a 2012 LinkedIn data breach. The security researchers were able to see that Trump had set his password to ‘yourefired’, in reference to his television show, the Apprentice.
The Dutch security researcher says he notified authorities in the Netherlands of the breach, and suggested a number of ways that Trump could increase the security of his page. Mr Gevers said he offered a few choices of new passwords, including ‘maga2020’, but says he “did not expect” that President Trump, or his team, would take it literally.
Twitter has since responded to the events with a statement from a spokesperson seemingly denying the allegations of a lack of two-factor authentication, saying that the company has implemented strict security measures for a number of celebrity and politician’s pages.
Twitter spokesperson Ian Plunkett has said that “we’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today.”
“We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
Twitter has, in recent months, moved to push two-factor authentication on public pages that have the potential to sway election results in an effort to maintain the integrity of, and mitigate the impact of misinformation for the 2020 presidential election year.
Alan Woodward, a professor with the University of Surrey has told TechCrunch that “it’s unbelievable that a man that can cause international incidence and crash stock markets with his Tweets has such a simple password and no two-factor authentication.”
“Bearing in mind his account was hacked in 2016 and he was saying only a couple of days ago that no one is hacked the irony is vintage 2020,” Woodward added.