How easy was it to "hack" Trump's Twitter account? Ridiculously easy. No two-step verification. No other security measures. The hacker, security analyst Victor Gevers, simply guessed the password. After a few hours of poking around and taking screenshots as proof, Gevers alerted U.S. authorities to the stunningly lax security on Trump's account.
Last week a Dutch security researcher succeeded in logging into the Twitter account of the American President Donald Trump. Trump, an active Twitterer with 87 million followers, had an extremely weak and easy-to-guess password and, according to the researcher, had not enabled two-step verification.
The researcher, Victor Gevers, had access to Trump’s personal messages, could post tweets in his name and change his profile. Gevers took screenshots when he had access to Trump’s account. These screenshots were shared with de Volkskrant by the monthly opinion magazine Vrij Nederland. Dutch security experts find Gevers’ claim credible.
On Friday morning, almost absentmindedly, Gevers tries a number of passwords and their variations. On the fifth attempt: bingo! He tries ‘maga2020!’ (short for Make America Great Again) and suddenly finds himself in the Twitter account of the American President. He is flabbergasted. Gevers: ‘I expected to be blocked after four failed attempts. Or at least to be asked to provide additional information.’ None of that.
On that Friday morning, Gevers has access to what is perhaps the most important Twitter account in the world and is in a position to send a message to 87 million people, the attentive world press, and government leaders. Gevers: ‘I did think: “Here we go again”.’
Gevers was contacted by the American Secret Service, who thanked him for alerting them. By Saturday, Trump's password had been changed and two-step verification had been put in place, as it ought to have been in the first place.
Twitter disputes Gevers' claim. Gevers also hacked into Trump's account in 2016.
A Dutch researcher managed to log into @realDonaldTrump's Twitter account by guessing his password ("maga2020"), which had no 2-step verification. https://t.co/UriCETV6qX pic.twitter.com/MO7qf8oQQp
— Charles Lister (@Charles_Lister) October 22, 2020