A Dutch researcher says he was able to hack into Donald Trump’s Twitter account—although it doesn’t feel right to even call it “hacking” when what he actually did was guess Trump’s absurdly obvious password, which was—wait for it–“maga2020!” Trump also did not have any sort of two-step authentication turned on.
According to the Dutch news outlet de Volkskrant, that security researcher, Victor Gevers, stumbled into Trump’s Twitter account basically without trying.
“On Friday morning, October 16, Gevers almost carelessly enters a number of passwords and variations thereof,” the site writes (translated to English). “On the fifth attempt it hits. He tries ‘maga2020!’ (the abbreviation of MakeAmericaGreatAgain, Trump’s slogan) and is stuck in the Twitter account of the US president. He is stunned. Gevers: ‘I thought I would get a block after four unsuccessful attempts. Or that I would be asked for additional information.’ None of that.”
Credit to @TheOnion writers for still showing up every day and doing their thing when the real headlines keep looking like this https://t.co/dqrTrr0F3G
— Rob SCARE-idan says #VOTE // #BLM #ArtIsResistance (@rob_sheridan) October 22, 2020
Happy Hogan is head of security for Stark Industries. His password is PASSWORD. Somehow THAT makes more sense than this. https://t.co/4PH9vkV7bF
— rachel leishman (@RachelLeishman) October 22, 2020
This isn’t the first time Trump’s account has been hacked, or even the first time hacked by Gevers. In 2016, the researcher and two other hackers found Trump’s password, reportedly from a 2012 LinkedIn data breach. According to VN News, that password was “yourefired,” his Apprentice catchphrase.
Twitter, for its part, denied that hacking had taken place when speaking with The Guardian, while de Volkskrant writes, “Twitter does not want to comment on the record and says it will never be able to respond to the security measures for individual accounts.”
While most of us would quickly take the opportunity to disable Trump’s Twitter account if we had the chance, Gevers is an ethical hacker, meaning he’s not trying to interfere with a person’s account in any way; he’s just trying to look for security gaps. And Trump is nothing if not one giant security gap.
The big issue for Gevers and other ethical hackers is that to let the hackee know about their breach and to encourage them to beef up their safety measures, they have to admit to committing a crime.
But Gevers took screenshots and emailed them to an American digital security organization, as well as to Trump himself using an old email address they had from the first breach.
“He kindly advises Trump to take additional security measures,” writes de Volkskrant. “And maybe to take a longer password. Gevers even makes a suggestion: !IWillMakeAmericaGreatAgain2020!, and a guide on how to enable two-step verification. ‘But I got no response.’”
Gevers DMs members of Trump’s campaign team and family and also gets no response. “He tags the CIA, the White House, the FBI, Twitter itself. No reaction.” Finally, a day after the hack, he says he sees that two-factor authentication has finally been set up in the account. A few days after that, he says the Secret Service contacted him.
“‘Friendly,’” he tells de Volkskrant. “‘They were interested in my information. I forwarded everything to them.’ On Tuesday they speak digitally. They thank Gevers and tell him the vulnerability was unknown to them.”
This is absolutely bananas. Trump frequently uses his Twitter account to post official policy decisions and while we can’t know what his DMs look like (given that whole “ethical” hacker thing), VN says they can’t publish all of Gevers’ screenshots because “the files contain sensitive information.” And his password was literally just his campaign slogan.
While Trump is probably the person in the country we would most want to have the strongest password possible, he is by no means the only person not paying attention to their own security. From de Volkskrant:
The reason for trying to hack Trump’s account again was the reports in the United States about Hunter Biden. The hard drive of the son of Democratic presidential candidate Joe Biden is said to have been stolen or hacked – partly because Hunter Biden used an easy-to-guess password (Hunter02).
Please, let the president of the United States and the person whose accounts he and his supporters would most like to hack and tamper with be the ones to remind you to please, please come up with better passwords than they do.
(via de Volkskrant, image: MANDEL NGAN/AFP via Getty Images)
Published: Oct 22, 2020 05:21 pm