A Dutch security researcher gained editing, posting, and messaging access to President Trump’s Twitter account last week for the second time since 2016.
Victor Gevers said the president had an “extremely weak and easy to guess password” and that he had not applied a two-step verification process, according to the Volkskrant. Gevers said that he was able to access Trump’s personal messages, to post tweets, and to change Trump’s profile.
The Dutch magazine Vrij Nederland shared a screenshot of the “ethical hacker” gaining access to the account, showing that he was able to edit the profile.
Gevers alerted Trump and the U.S. government about the leak and was in contact with the Secret Service in the Netherlands. According to the Volkskrant, the account has been made more secure. After reaching out to the White House, Gever’s later attempts at accessing the account confirmed that the password had been changed and a two-step authentication had been implemented.
Matthijs Koot, a security researcher at Secura, told the Volkskrant that the second successful hack should be a signal to Twitter to enforce more stringent security measures for its users. “They should either compel people to use additional authentication or, if people really don’t want this, make them use a complex password,” he said. “The days of logging in with just a weak password are over.”
Twitter has rebuffed the claim that Trump’s account was hacked. “We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today,” a spokesperson said. “We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
In September, Twitter announced that it was adding security measures for “high-profile, election-related Twitter accounts.”
According to the announcement, high-profile accounts with weak passwords would be required to make their passwords stronger “the next time you log into Twitter,” and password reset protections would automatically be enabled. The announcement did say, however, that two-factor authentications would only be “strongly encouraged.”
Dutch hackers, including Gevers, previously gained access to Trump’s account ahead of the 2016 election. “That we would succeed in doing it again so soon was not planned,” he told the Volkskrant. According to Gevers, Trump’s password was “maga2020!”
