A security researcher says that he hacked President Donald Trump's Twitter account earlier this month, guessing that his password was "maga2020!" and probably sending a tweet in which Trump seemed to take a satirical article seriously. The Dutch Volkskrant newspaper and the magazine Vrij Nederland confirmed the news earlier today, citing screenshots and interviews with the writer, Victor Gevers.
"We have seen no evidence to support this assertion, even from the article published in the Netherlands today," said the Twitter spokesperson. "We proactively introduced account security measures for a specified high-profile, election-related category of Twitter accounts in the United States, including federal branches of government."
Judd Deere, Deputy Press Secretary of the White House, also denied the story. "This is definitely not true," he said, "but we are not commenting on the security procedures of the president's social media accounts."
Vrij Nederland announced last month that Gevers and two other hackers had successfully broken into Trump's Twitter account in October 2016. According to its latest research, Gevers agreed to run a new safety test in 2020 by plugging in the old password. That password ("yourefired") didn't work, but Gevers noticed that Trump didn't have two-factor authentication enabled — a surprising vulnerability for an extremely critical account. He guessed a handful of other passwords and was granted access after five other attempts.
Twitter did not explain precisely what security measures had been put in place for Trump's account. The company started requesting strong passwords and seriously promoting two-factor authentication in September following a hack of many high-profile accounts, but it is potentially likely that the Trump campaign would have disabled that additional measure.
Vrij Nederland also suggests that Gevers was responsible for the strange tweet that Trump sent on October 16th.
The tweet referred to the satirical publication The Babylon Bee in an apparently serious capacity. Gevers obviously wouldn't confirm this to Vrij Nederland, but he said that if he did, Trump would either have to confess that he's never read the Babylon Bee report, or that he's going to have to accept that someone else has posted the tweet.
Trump said in a speech earlier this week that no one gets hacked, except for someone with a 197 IQ and about 15 percent of your password. Trump had previously acknowledged that a hacker had broken into his Twitter account in 2013.
Gevers — a renowned security expert and co-founder of the non-profit GDI Foundation — says that he has made several attempts to contact Trump about the vulnerability. De Volkskrant states that Gevers was approached by the American Secret Service in the Netherlands, which took the article seriously, according to the correspondence of the reporters.
(The U.S. Secret Service Press Line did not respond immediately to an email from The Verge.) In a direct message to The Verge, Gevers says he has tried to contact Twitter with "zero success" several times.
Gevers did not confirm whether he sent a tweet to Babylon Bee. But he says that after having access to Trump's account, he didn't make any improvements to his account. "It's not ethical and it's going too far. This is not protected by responsible disclosure / coordinated disclosure of vulnerability," he said. "Or a dick pass in plain English."